When users (e.g. jdoe@acme.com) import a valid S/MIME certificate into their ID file, this enables them to send signed email. Usually the imported certificate will be set as their default signing certificate. The email listed in the certificate matches the users email used in their personal mailbox listed in the Domino Directory. Fine so far.
However, if users utilize the supported Team Mailbox functionality, they usually use a separate mailbox to send e.g. email with a different email address e.g. sales@acme.com. If they tick the sign checkbox in the team mailbox, they get a mismatch warning because jdoe@acme.com is different from sales@acme.com.
If these users import a S/MIME certificate for sales@acme.com, let's call that the group or team certificate, they have to designate either jdoe@acme.com or sales@acme.com to be their default signing certificate. They can not use both certificates simultaneously to either sign one or the other email address they are using.
I'd like to suggest that the Notes client selects the certificate from the ID file (ID vaulted) from the list of certificates in the ID file automatically if:
The idea here is that users can use different mailboxes without a cumbersome switching of the default signing certificate. If this functionality is added, users can send signed email (to fight phishing) regardless of the mailbox they are using seemlessly.
Currently users have to decide which mailbox should be used for signing as only one default signing certificate can be used now.
BTW:
Tip: to use this team mailbox scenario with signing, I had to remove the email address from the location "Online" document of jdoe@acme.com. Otherwise Notes complains about the mismatch of jdoe@acme.com and sales@acme.com. Other than that, it works. Notes Client used: 12.0.1 FP1