On this page:
When reading mail in Apple's Mail application, you may occasionally receive a message that gives an error about being "Unable to verify message signature". If you click on the button for "Show Details", you will see a message:
Unable to verify message signature
Mail was unable to verify the authenticity of the S/MIME certificate provided by "username@MIT.EDU". Messages signed by this user may be coming from a different source.
This can happen if the person who sent you mail signed their message with a personal certificate that your computer does not trust.
For example, the sender may have configured their mail program to sign their mail with their MIT certificate, but your computer may not have the Client CA v1 to verify the signature.
If you want to verify the signatures, you will need to get the Certificate Authority (CA) that created the sender's MIT certificate. One way to get the "Client CA v1" is to run one of MIT's certificate helper utilities - either Installing and Managing Certificates for Mac using CertAid 2.x (Macintosh) or CertAid for Internet Explorer (Windows). Another way is to download the Client CA v1 and then install it by hand.
Instead of asking everyone to install the Client CA v1, another option is to ask the sender to stop signing their messages. They may not know that their messages make people see confusing warnings.
If the sender is using the Mail application on a Macintosh, they should see two extra icons while composing a message, just to the right of the "Signature" menu. One icon looks like a padlock, the other like a star-burst balloon. When Mail is set to digitally sign messages, the star-burst balloon will have a small "check-mark" in the center:
To set the Mail application to stop signing mail, you need to click the star-burst balloon to make it have a small "X" in the center, which indicates that the message will not be digitally signed:
The sender only needs to do this once, and Mail will remember not to sign any more messages.
OWA shows a different error message when OWA cannot verify signatures. OWA shows: