#527 accepted

Choosing which S/MIME certificate to use

Reported by Christian | December 9th, 2013 @ 04:43 PM


I have an old (expired) S/MIME certificate that I don't want MailMate to use but I can't delete it as it would mean that I would be unable to read any emails encrypted with it. I have marked the old certificate as untrusted but MailMate still insist on using it instead of a newer certificate.

I would thus be most grateful for some help in sorting this out.

Best regards,

Comments and changes to this ticket

  • benny

    benny December 9th, 2013 @ 10:56 PM

    • State changed from “new” to “accepted”

    It is a known issue. I'll note it in this ticket when I have a solution for you, but it might be a while.

  • Christian

    Christian December 13th, 2013 @ 11:12 AM

    Ok, thanks for your help. Looking forward to the update.

  • Michael Moore

    Michael Moore December 24th, 2013 @ 12:56 AM

    I'd like to also add a request for this feature. I have the same situation.

    Those of us using commercially-obtained S/MIME certs often must renew them each year, which generates a new certificate. It's not an uncommon problem.

  • Matt Gray

    Matt Gray July 21st, 2014 @ 06:51 PM


    I have this issue as well. I've tried going into Keychain Access and creating an "Identity Preference" in order to clue Mac OS X (and MailMate) in on using the correct certificate, but no luck yet. I will try a reboot to see if that allows MailMate to see the identity preference.

  • Matt Gray

    Matt Gray July 21st, 2014 @ 07:03 PM

    Confirmed that Keychain Access identity preferences do not help here, even after a reboot.

    However, I have a workaround:

    1. Open Keychain Access
    2. File > New Keychain...
    3. Name it old-smime or whatever you please
    4. Choose a password to protect it
    5. Drag-and-drop the expired certs from "My Certificates" into the new Keychain
    6. Enter the password to allow the move
    7. Right-click on the new keychain and lock it
    8. Attempt to send signed e-mail from MailMate... it should only see the cert available in the unlocked login keychain!

    Your mileage may vary and do take care that you do not lose your old keys.

  • daniel.mann (at terranhost)

    daniel.mann (at terranhost) January 2nd, 2015 @ 11:55 PM

    My first certificate expires in a few days, and I've just gotten a new one and added it in Keychain. MailMate still uses the old cert.

    I'm not really familiar with using multiple keychains, and would prefer a method to correct this that does not require adding a keychain and moving the older certificate out of the Login keychain. Is there any way to select or specify the default certificate for an email address in MailMate?

    Current config: OS X Mountain Lion (10.8.5), MailMate 1.8 (4576). Can also test on Yosemite if needed.

    Thank you,

    Daniel Mann

  • benny

    benny January 3rd, 2015 @ 09:52 AM

    @Daniel: Sorry, there is currently no other way (as far as I know). If I remember correctly this is easier for me to improve when MailMate has transitioned to 64 bit since that also means MailMate no longer supports 10.6. The plan is to use this function if it works as expected (I cannot test it right now).

  • daniel.mann (at terranhost)

    daniel.mann (at terranhost) January 30th, 2015 @ 03:01 PM

    Moving the old certificate to another keychain did work. A note for others wanting to do this: for me at least, I had to move the old certificate to the new keychain while viewing the My Certificates category, as it would not move from the All Items view.

    MailMate was closed while making changes in Keychain Access. After making the changes, MailMate prompted me to use the new certificate the first time I composed a message from the associated email address. Everything seems to work fine now.

    I look forward to built-in support for updating certificates in the upcoming 64 bit version.

    Thank you,

    Daniel Mann

  • Paul

    Paul April 27th, 2015 @ 02:47 AM

    +1 Hope to see a fix soon.

  • Paul

    Paul April 29th, 2016 @ 08:41 AM

    One year later, I have a new cert and am reminded of this problem. Fixed again by moving the cert to another keychain, but i had to come back here to be reminded of the fix.

    Not only is MailMate unable to select the new cert for signing emails, or let me select it; but it also signs and sends my emails with the expired cert, without warning me. So it takes a recipient to mention to me that i've got an expired cert.

  • Zach Isbach

    Zach Isbach August 5th, 2016 @ 09:17 PM

    In the mean time maybe MailMate could fail when the selected certificate is expired, like it does when it can't find a certificate?

  • benny

    benny August 17th, 2017 @ 04:05 PM

    • State changed from “accepted” to “fixcommitted”

    I believe this has worked for some time in the test releases of MailMate: Hold down ⌥ when clicking “Check Now” in the Software Update preferences pane to try it out. (It's not the only S/MIME related issue I've attempted to fix.)

  • benny

    benny September 22nd, 2017 @ 12:54 PM

    • State changed from “fixcommitted” to “fixreleased”

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Mac OS X email client.

Shared Ticket Bins


Referenced by