If you’re using a ‘Personal E-mail Certificate‘ by Thawte to sign or encrypt your eMails under Mac OS X there’s nothing more simple than updating to a new certificate after the current expired or is going to expire.

There’s especially no need to remove or delete the expiring or expired certificate within Mac’s Keychain! Sit and wait!

A step-by-step guide

1. When it’s time to update your certificate because yours is going to expire soon or has already expired (Mail will tell you), Login to Thawte’s account-panel.
2. Go to “certificates“, then “request a certificate“, and click the “request“-button. A small browser-window opens.
3. Accept all default-settings. Choose “Accept Default Extensions” on the last page.
4. The new key pair is automatically generated, downloaded and saved to Mac’s Keychain.


And well: That’s it! Don’t delete your old certificate or keys! Your Mac will automatically use the new keys when the old expire. And it needs the old keys to open old encrypted eMails! – It’s that simple. Nice, isn’t it? It’s exactly what a Mac is about: Simplicity.

Gerrit Eicker, August 2008; Comments