Encrypted e-mail using a certificate not issued for that e-mail

Tags: email, encryption, mail.app

Scenario

I'm using Apple Mail and S/MIME to encrypt my e-mails. If there is a certificate for an e-mail address I want to send an e-mail to, everything is fine. After inserting the e-mail address, Mail enables the blue lock and the e-mail is sent encrypted.
My problem is now: if I want to send an encrypted mail to a person whose certificate I have, but this certificate is issued to an alias of the e-mail address, the lock won't be enabled because Mail does not find a certificate for that address.

Example

I have a (public) certificate installed for firstname.lastname@domain.com
I want to send an e-mail to lastname@domain.com encrypted with the certificate of firstname.lastname@domain.com because the two addresses are aliases.
Nevertheless, Mail cannot encrypt the e-mail because it doesn't find a certificate for that address.

Question

Is there any way to configure Mail so that, for encrypting e-mails to lastname@domain.com, the certificate of lastname@domain.com has to be used?

Best Answer

That is not possible. It is the certificate that specifies the email address it can be used with. The allowed email address is in the email field, as well as in the RFC 822 name field, where more than one email address can be given.

It does not make sense to allow the sending client to use a certificate for email addresses that are different from those allowed by the certificate, because that presumes knowledge about internal alias mappings on the recipient side. If the recipient could and would want to accept emails encrypted with the certificate to any additional email addresses, they should have been listed in the certificate.
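
To see which addresses a certificate actually lists (the subject email field and the RFC 822 names mentioned in the answer), the following added example, which is not part of the original answer, reads them with the `openssl` command line. `cert_emails`, `cert_covers` and `make_demo_cert` are hypothetical helper names, the certificates are constructed self-signed ones, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/bin/sh
# Added example (not from the original post): list the addresses an S/MIME
# certificate is issued for and test a recipient address against them.

# cert_emails CERT.pem: print each address in the certificate, one per line.
# "openssl x509 -email" reads both the subject emailAddress attribute and the
# rfc822Name entries of the subjectAltName extension.
cert_emails() {
    openssl x509 -in "$1" -noout -email | sort -u
}

# cert_covers CERT.pem ADDRESS: exit 0 only if ADDRESS is listed in the certificate.
# Exact string comparison (assumption; a mail client may normalise case).
cert_covers() {
    cert_emails "$1" | grep -Fxq -- "$2"
}

# make_demo_cert OUT.pem SUBJECT_EMAIL [EXTRA_EMAIL...]: hypothetical helper that
# builds a throwaway self-signed certificate so the example runs offline.
make_demo_cert() (
    out=$1; subj=$2; san="email:$2"; shift 2
    for a in "$@"; do san="$san,email:$a"; done
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout /dev/null -out "$out" \
        -subj "/CN=Demo User/emailAddress=$subj" \
        -addext "subjectAltName=$san" 2>/dev/null
)

# Demo with constructed certificates, using the addresses from the question.
demo() {
    tmp=$(mktemp -d)
    make_demo_cert "$tmp/single.pem" firstname.lastname@domain.com
    make_demo_cert "$tmp/both.pem" firstname.lastname@domain.com lastname@domain.com
    for c in single both; do
        for addr in firstname.lastname@domain.com lastname@domain.com; do
            if cert_covers "$tmp/$c.pem" "$addr"; then r="listed"; else r="NOT listed"; fi
            echo "$c.pem / $addr: $r"
        done
    done
    rm -rf "$tmp"
}
demo
```

Running `cert_emails` on a recipient's exported certificate shows whether the alias is among the listed addresses; if it is not, the recipient needs a certificate that includes it.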