Q: Apple Mail - unable to verify message signature
When reading mail in Apple's Mail application, you may occasionally receive a message that gives an error about being "Unable to verify message signature". If you click on the button for "Show Details", you will see a message:
Unable to verify message signature
Mail was unable to verify the authenticity of the S/MIME certificate provided by "username@MIT.EDU". Messages signed by this user may be coming from a different source.
Answer
Description
This can happen if the person who sent you mail signed their message with a personal certificate that your computer does not trust.
For example, the sender may have configured their mail program to sign their mail with their MIT certificate, but your computer may not have the Client CA v1 to verify the signature.
Action
To verify signatures
If you want to verify the signatures, you will need to get the certificate of the Certificate Authority (CA) that created the sender's MIT certificate. One way to get the "Client CA v1" is to run one of MIT's certificate helper utilities: either "Installing and Managing Certificates for Mac using CertAid 2.x" (Macintosh) or "CertAid for Internet Explorer and Google Chrome" (Windows). Another way is to download the Client CA v1 and then install it by hand.
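The trust failure described above, and the effect of supplying the issuing CA, can be reproduced with the openssl command line. This is an added example, not part of the original article: the "Demo Client CA", the sender identity and the message are constructed stand-ins for the Client CA v1 and a real MIT certificate.

```shell
#!/bin/sh
# Added example: every name, key and certificate here is constructed for the demo.
# "Demo Client CA" is a throwaway CA standing in for the sender's issuing CA.
smime_trust_demo() {
    d=$(mktemp -d) || return 2
    (
        cd "$d" || exit 2
        # Minimal config so the self-signed certificate is marked as a CA.
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Client CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
        # 1. The issuing CA (self-signed).
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config ca.cnf \
            -keyout ca.key -out ca.pem 2>/dev/null || exit 2
        # 2. The sender's personal certificate, issued by that CA.
        openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
            -subj "/CN=Demo Sender/emailAddress=sender@example.com" \
            -keyout user.key -out user.csr 2>/dev/null || exit 2
        openssl x509 -req -in user.csr -CA ca.pem -CAkey ca.key \
            -CAcreateserial -days 1 -out user.pem 2>/dev/null || exit 2
        # 3. The sender signs a message; the signer certificate travels with it.
        printf 'Constructed test message.\n' > msg.txt
        openssl smime -sign -in msg.txt -signer user.pem -inkey user.key \
            -out signed.eml 2>/dev/null || exit 2
        # 4. Recipient without the issuing CA: no chain to a trusted root.
        if openssl smime -verify -in signed.eml -out /dev/null 2>/dev/null
        then without=verified; else without=unverified; fi
        # 5. Recipient who has installed the issuing CA: the chain validates.
        if openssl smime -verify -in signed.eml -CAfile ca.pem -out /dev/null 2>/dev/null
        then with=verified; else with=unverified; fi
        echo "without_ca=$without with_ca=$with"
    )
    rc=$?
    rm -rf "$d"
    return $rc
}
smime_trust_demo
```

The message and its signature are identical in steps 4 and 5; only the recipient's set of trusted CAs changes the outcome.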
To stop generating signatures
Instead of asking everyone to install the Client CA v1, another option is to ask the sender to stop signing their messages. They may not know that their messages make people see confusing warnings.
If the sender is using the Mail application on a Macintosh, they should see two extra icons while composing a message, just to the right of the "Signature" menu. One icon looks like a padlock, the other like a star-burst balloon. When Mail is set to digitally sign messages, the star-burst balloon will have a small "check-mark" in the center.
To set the Mail application to stop signing mail, you need to click the star-burst balloon to make it have a small "X" in the center, which indicates that the message will not be digitally signed.
The sender only needs to do this once, and Mail will remember not to sign any more messages.
Miscellaneous
OWA shows a different error message when OWA cannot verify signatures. OWA shows:
This message has a digital signature. The digital signature couldn't be validated because the S/MIME control isn't available.
1 Comment
May 11, 2021
Nicolas Camenisch
Using CertAid to install the Client CA v1 certificate doesn't work (anymore). Instead one has to install it by hand.