after playing a bit with my own openssl solution i found some faults with my original posting. the obvious huge one had already been pointed out by a reader: i forgot about the web of trust that is broken by creating our own certificate. who’s to trust us? well, apparently not apple. once you restart mail.app after having approved a cert from another user, it forgets that you trust them. the next time you get a message from them you have to perform the signature handshake again. the web of trust must be created somewhere; this is what the thawte certificate does for you. i have since downloaded the free thawte certificate and will post later how well it worked for me.