I ordered a certificate from verisign
"Digital ID for Secure Email"
I did it via Firefox
I filled in name and credit card info
and clicked accept.
A popup asked which key to use and I chose "Software device"
or something like that. I clicked a couple of times.
Then I got an email from verisign telling me
how to retrieve the certificate.
When I retrieved it, I got a webpage called sophia.exe
which contained some certificate and some HTML.
I stripped out the certificate and tried to import it
into Apples "Keychain Access", but I don't think it worked.
Eventually I went back to the Verisign site and went to
Support, and then to "Digital IDs for Secure Email Support"
Then I clicked on Retrieve to try to get the certificate
again. It said I had to use the same browser as before,
which I did, and this time it said everything went ok.
I went into Preferences, Advanced, Encryption, View Certificates,
clicked on my certificate and made a "backup" of it.
That created a pkcs12 file (.p12) which I was able to
import into Keychain Access.