not being a Firefox user this above solution took me ages to figure out, so those like me here it is:
in Firefox, click the three little lines top right of the window, pulls down a menu, choose Preferences, then ON THE LEFT of the window, under General,Home, Search appears Privacy & Security - click that
SCROLL TO THE BOTTOM
and there is “Certificates” - OVER ON THE RIGHT are two rectangular “buttons” click “View Certificates”
a POP UP appears (make sure you don’t have popups blocked) it says “Certificate Manage” in the window title, click on “Your Certificates” JUST BELOW the title and therein is my COMODO CA Limited certificate shown on a line (shows my email address I want secured), select it (click on it once)
DOWN THE BOTTOM of the window are 5 rectangular buttons, click “Backup…”
a SaveAs dialogue opens, choose a name you like (no spaces is probably wise) and a .p12 (extension) at the end.
Choose a suitable location on your computer.
Click save. (and enter a suitable password when asked, for the file, which will be requested by keychain.app upon import)
NOW (Finally) keychain.app
click on my certificates
I used drag and drop to drop my downloaded cert into my certificates, it asked for the above entered password and then the cert appeared in my certs and apple mail (close it, open it) finally shows the secured icon on the right of emails being written…
My personal opinion
It’s about time the industry, with all its claims about security and telling us all the sites we know are secure are not (like on my home network!) and that they are unsafe, which in my opinion is fear mongering for profit; should get its act in order and build all this properly in to everything . My view is with the exception of large corporate stuff, we are being ripped off for a few text files. It’s just money for the boys - and a massive theft of my time for their profit. We should be able to roll out SPF, DKIM and dmarc without the complexity that also entails; and it means we don’t need these certificates if DNS is employed as it could be. Make it all server side and not user based also enabling the block of much of the spam we suffer at the same time.
COMODO - First time ever I got a certificate to actually work. Well done (aside from the inordinate complexity)