This will let you validate the new e-mail address. Go to the StartSSL Control Panel and click on Validation Manager. If you have more than one e-mail address, you can get additional SSL certificates now. You should see your new key listed under the “login” keychain, in the “My Certificates” category.Click the Keychain Access icon in the Dock. You may see its icon bouncing in your Dock. After clicking “Install” on the next screen, Safari will download the new key and start the Keychain Access program.I recommend you select “2048 (High Grade)”. You’ll be asked to verify what grade of key you’d like to generate.You need to do this within 15 minutes, or you’ll have to start over. Check the e-mail account you entered it should be there.
A new screen will appear asking you to enter a verification code.During this time, your browser and the CA are negotiating your new key. Your browser may seem to take a while to load.A pop-up message will appear asking you to verify that you’ll comply with the StartCom policies.Enter the e-mail address for which you want a certificate. Click the “Control Panel” button at the top right of the page.You can get a new one at no charge when it expires. StartCom offers a basic Class 1 SSL certificate at no charge.
If you don’t already know you need a better SSL certificate (and how to get one), you’re almost certainly fine with a Class 1 certificate. You can get “better” certificates that provide a stronger proof of your identity. There are several CAs that will give you a “Class 1” SSL certificate for your email address. (It’s possible to generate a “self-signed” SSL certificate on your own, but that will generate “untrusted certificate” errors for your correspondents unless you make them do extra work.) The “big” commercial CAs are already trusted by most operating systems. To be useful, you need a SSL certificate that is signed by one of the major Certificate Authorities (CAs). To use S/MIME, you must obtain a SSL Certificate for your e-mail address. Here, I’ll show you how to set up S/MIME on your Mac running 10.9 “Mavericks” or 10.10 “Yosemite”, and then transfer that S/MIME certificate to your iOS 7 or 8 device. It’s possible to set up S/MIME directly on an iOS device, but I’ll leave that to someone else to figure out.
In this example, I’m presuming you have a Mac and one or more iOS devices (iPhone, iPad, iPod). Even if you normally prefer PGP/GPG, it’s a good idea to set up S/MIME as well. Setting up S/MIME for your Apple products isn’t that hard. There are plenty of S/MIME compatible mail programs.
However, Apple’s Mail programs on Mac OS and iOS both support it, as does Microsoft Outlook on Windows. S/MIME has long been the bastard stepchild of e-mail encryption, largely because it’s more complex to set up and keep up.
The alternative is S/MIME, which is an official Internet standard. It seems to crash a lot, it breaks with every new Mac OS version, and it’s no longer free.
While a GPG plugin is available for Mac OS, in my experience it doesn’t work very well. That’s especially true on Apple products. The problem is that PGP requires a certain amount of technical savvy to use safely, and it can be awkward to use. Most security types like PGP (or its open-source clone GPG), because it’s been around for a long time. There are two standard methods for encrypting e-mail: PGP and S/MIME. Encryption software can do two things for your email: It can sign your messages, to prove that it was you who sent it and that the message wasn’t altered in transit and it can encrypt your messages, so no one but the recipient can read the contents.