Installing Digital Certificates in iOS

If you read an earlier post detailing the steps to create self-signed S/MIME certificates using OpenSSL, I left off at the point where the certificate is created and packaged in the PKCS12 format. In order for the certificate to be of any use, you’ll need to install it in an e-mail client. This post details the steps for installing digital certificates in iOS 9 on an iPhone and enabling S/MIME in this iOS Mail app.

Step 1 – Load the .p12 File on the iOS Device

E-mail a copy of the .p12 file to an e-mail address accessible on your iOS device. This isn’t the most secure way of loading it on the phone, but we’ll do it this way for simplicity in this post. Once you receive the e-mail with the attachment, tap the file attachment to begin the installation process.

S/MIME Certificate for iOS Installation
S/MIME Certificate for iOS Installation

Step 2 – Install the Profile

At this point, the device will prompt you to install the profile. Tap Install in the upper right corner. If your device is password protected, you will be prompted to enter your device passcode.

Install Profile on iOS
Install Profile on iOS

Since the digital certificate is self-signed and not signed by a well-known trusted certificate authority, you will receive a warning message that the profile is not signed. Continue by tapping Install in the upper right corner.

Install Profile Warning Message
Install Profile Warning Message

You will again be prompted to install the profile. Tap the Install button at the bottom of the screen.

Prompt to Install Profile
Prompt to Install Profile

You will then be prompted to enter the PKCS12 export/import password created when the .p12 file was assembled. Enter the password and tap Next in the upper right corner of the screen.

Prompt for Certificate Password
Prompt for Certificate Password

The profile and certificate are now installed. Click Done in the upper right corner of the screen.

Profile and Certificate Installation is Complete
Profile and Certificate Installation is Complete

Step 3 – Enabling S/MIME in iOS Mail

Now that you have the digital certificate loaded and a profile created, you may begin using it in iOS Mail.

  1. Open the Settings app
  2. Tap Mail, Contacts, Calendars
  3. Tap on an existing account name under the Accounts section
  4. Tap Account
  5. Tap Advanced
  6. Enable S/MIME
  7. Additional options for Sign and Encrypt by Default will be displayed
  8. Tap Sign
  9. Enable Sign and select the certificate installed in Step 2 if it isn’t automatically selected
  10. Return to the Advanced screen
  11. Tap Encrypt by Default
  12. Enable Encrypt by Default and select the certificate installed in Step 2 if it isn’t automatically selected
  13. Exit the Settings app
Enabling S/MIME Sign and Encrypt
Enabling S/MIME Sign and Encrypt

S/MIME is now enabled and ready to use your personal digital certificate the next time e-mail is sent from this account. Recall that S/MIME uses Public Key Encryption so you won’t be able to send an encrypted e-mail to someone until you have that individual’s public key installed.

Leave a Comment