# [SOLVED] MacOSX Mail : Unable to verify signature



## Mike26April (Mar 31, 2021)

When opening a digitally signed email from 1 particular sender, using Mac Mail, while running MacOS 11 (Big Sur) with the latest updates, I'm encountering the following warning:









Regretfully the reason why the digital signature is deemed incorrect by Mac Mail is not stated.

What I've ruled out thus far:
1) The used S/MIME certificate is still valid and not revoked
2) The Issuing CA and the corresponding trust-chain are present in the Mac key-chain
3) The email highly likely did not get manipulated once sent or received, as the mail travels from and to the same mailserver, and no inspection software or hardware is installed
4) The email digital signature did not get corrupted just for this particular email, as other emails from the same user also give the same warning

What I furthermore observe:
a) The same email when opened on a Windows 10 system with Outlook does not give a warning
b) The same email when opened on Outlook online does not give a warning
c) The same email when opened on Outlook for Mac on the same Macbook also gives the same warning, but also does not specify what's exactly wrong
d) Other digitally signed emails using the same S/MIME certificate provider (GlobalSign) are not being flagged

Does anybody have any ideas on what might be wrong in the Mac and/or MacMail settings that's causing this particular warning and, more importantly, how to possibly resolve it?


----------



## spunk.funk (May 13, 2010)

See if this helps: Unable to Verify Message Signature (when … - Apple Community


----------



## Mike26April (Mar 31, 2021)

Solved it 

It's a bug in MacMail

To summarize what causes the bug:
When an email gets clear text digitally signed with a valid S/MIME certificate, and it's sent to an Exchange server, and MacMail fetches the signed email, then the MacMail preview pane cannot validate the digital signature.

When using opaque digital signing then MacMail can validate the digital signature in the preview pane.

The solution for now is: switch off clear text signing in Outlook.
The downside of opaque signing is that less advanced mail clients will display the digitally signed email as an smime.p7m attachment.


----------
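To check which of the two signing modes named in the post above a given message uses, the following added example (not part of the original thread) classifies a raw message by its MIME structure as S/MIME defines it in RFC 8551. The function names and both sample messages are constructed for illustration, and the signature payloads are dummy bytes, so nothing is cryptographically verified.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# Content types used by S/MIME (RFC 8551), including the legacy "x-" forms.
SIGNATURE_TYPES = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
ENVELOPE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def _param(msg, name):
    """Return a Content-Type parameter as a lowercase string ('' if absent)."""
    value = msg.get_param(name)
    return collapse_rfc2231_value(value).lower() if value else ""

def smime_signing_mode(raw):
    """Classify a raw message (hypothetical helper written for this example)."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        parts = msg.get_payload() if msg.is_multipart() else []
        # Clear signing: readable content part followed by a detached signature.
        if (_param(msg, "protocol") in SIGNATURE_TYPES and len(parts) == 2
                and parts[1].get_content_type() in SIGNATURE_TYPES):
            return "clear-signed"
        return "multipart/signed, not S/MIME"
    if ctype in ENVELOPE_TYPES:
        # Opaque signing: content and signature wrapped in one CMS object.
        if _param(msg, "smime-type") == "signed-data":
            return "opaque-signed"
        return "pkcs7-mime, not signed-data"
    return "not S/MIME signed"

# Constructed sample messages (dummy base64 payloads, not real signatures).
CLEAR_SIGNED = """\
Subject: constructed clear-signed sample
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""
OPAQUE_SIGNED = """\
Subject: constructed opaque-signed sample
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

AAAA
"""
```

Running it over the copy of a message as stored in the recipient's mailbox shows which structure actually reached the client.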

