Outgoing email signed by S/MIME cert, recipient unable to verify signature

I've created an 'Email Security Plus' certificate from DigiCert. Successfully added it to Email Protection/Encryption/Internal Users.

When I send an email from this account the recipient (myself at an iCloud.com address) gets this warning in Mail.app: "Unable to verify message signature. Mail was unable to verify the authenticity of the S/MIME certificate "me@mydomain.com". Messages signed by this user may be coming from a different source."

If I click on certificate info I can see an unchecked box with "Messages from "me@mydomain.com" are valid if signed by "James"". I.e., "James" is the Common Name of the cert.

Do I need to have Common Name = "me@mydomain.com"?

Or have I done something else wrong?

UTM Release 9.601-5