Access Keys:
Skip to content (Access Key - 0)

Q: Apple Mail - unable to verify message signature

On this page:

When reading mail in Apple's Mail application, you may occasionally receive a message that gives an error about being "Unable to verify message signature". If you click on the button for "Show Details", you will see a message:

Unable to verify message signature
Mail was unable to verify the authenticity of the S/MIME certificate provided by "username@MIT.EDU". Messages signed by this user may be coming from a different source.

Error message
Click on thumbnail to view full-size image

Answer

Description

This can happen if the person who sent you mail signed their message with a personal certificate that your computer does not trust.

For example, the sender may have configured their mail program to sign their mail with their MIT certificate, but your computer may not have the Client CA v1 to verify the signature.

Action

To verify signatures

If you want to verify the signatures, you will need to get the Certificate Authority (CA) that created the sender's MIT certificate. One way to get the "Client CA v1" is to run one of MIT's certificate helper utilities - either Installing and Managing Certificates for Mac using CertAid 2.x (Macintosh) or CertAid for Internet Explorer and Google Chrome (Windows). Another way is to download the Client CA v1 and then install it by hand.

To stop generating signatures

Instead of asking everyone to install the Client CA v1, another option is to ask the sender to stop signing their messages. They may not know that their messages make people see confusing warnings.

If the sender is using the Mail application on a Macintosh, they should see two extra icons while composing a message, just to the right of the "Signature" menu. One icon looks like a padlock, the other like a star-burst balloon. When Mail is set to digitally sign messages, the star-burst balloon will have a small "check-mark" in the center:
Check marked star-burst balloon

To set the Mail application to stop signing mail, you need to click the star-burst balloon to make it have a small "X" in the center, which indicates that the message will not be digitally signed:
X marked star-burst balloon

The sender only needs to do this once, and Mail will remember not to sign any more messages.

Miscellaneous

OWA shows a different error message when OWA cannot verify signatures. OWA shows:

This message has a digital signature. The digital signature couldn't be validated because the S/MIME control isn't available.

Community

Documentation and information provided by the MIT Community


Last Modified:

December 17, 2014

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-email c-email Delete
c-certificates c-certificates Delete
c-applemail c-applemail Delete
message message Delete
signature signature Delete
email email Delete
sign sign Delete
s-mail s-mail Delete
signing signing Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki