In an earlier post detailing the steps to create self-signed S/MIME certificates using OpenSSL, I left off at the point where the certificate is created and packaged in the PKCS12 format. For the certificate to be of any use, you’ll need to install it in an e-mail client. This post details the steps for installing digital certificates in iOS 9 on an iPhone and enabling S/MIME in the iOS Mail app.
Step 1 – Load the .p12 File on the iOS Device
E-mail a copy of the .p12 file to an e-mail address accessible on your iOS device. This isn’t the most secure way of loading it on the phone, because the file holding your private key then sits in a mailbox protected only by the PKCS12 export password, but we’ll do it this way for simplicity in this post. Once you receive the e-mail with the attachment, tap the file attachment to begin the installation process.
Step 2 – Install the Profile
At this point, the device will prompt you to install the profile. Tap Install in the upper right corner. If your device is password protected, you will be prompted to enter your device passcode.
Since the digital certificate is self-signed and not signed by a well-known trusted certificate authority, you will receive a warning message that the profile is not signed. Continue by tapping Install in the upper right corner.
You will again be prompted to install the profile. Tap the Install button at the bottom of the screen.
You will then be prompted to enter the PKCS12 export/import password created when the .p12 file was assembled. Enter the password and tap Next in the upper right corner of the screen.
The profile and certificate are now installed. Tap Done in the upper right corner of the screen.
Step 3 – Enabling S/MIME in iOS Mail
Now that you have the digital certificate loaded and a profile created, you may begin using it in iOS Mail.
- Open the Settings app
- Tap Mail, Contacts, Calendars
- Tap on an existing account name under the Accounts section
- Tap Account
- Tap Advanced
- Enable S/MIME
- Additional options for Sign and Encrypt by Default will be displayed
- Tap Sign
- Enable Sign and select the certificate installed in Step 2 if it isn’t automatically selected
- Return to the Advanced screen
- Tap Encrypt by Default
- Enable Encrypt by Default and select the certificate installed in Step 2 if it isn’t automatically selected
- Exit the Settings app
S/MIME is now enabled and ready to use your personal digital certificate the next time e-mail is sent from this account. Recall that S/MIME uses public key encryption, so you won’t be able to send an encrypted e-mail to someone until you have that individual’s public key installed.
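The closing point about public keys can be reproduced outside of Mail with the OpenSSL command line, which performs the same two S/MIME operations that the Sign and Encrypt by Default switches turn on. This is an added example, not part of the original post; the identities alice, bob and mallory, their example.test addresses and the file names are constructed.

```shell
#!/usr/bin/env bash
# Added example: alice, bob, mallory and their example.test addresses are constructed.

make_identity() {  # $1 = dir, $2 = name; writes $2.key (private) and $2.crt (public)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$2/emailAddress=$2@example.test" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

roundtrip_in() {  # $1 = work dir, $2 = who tries to read the mail
  for who in alice bob mallory; do make_identity "$1" "$who" || return 1; done
  printf 'meet at noon\n' > "$1/msg.txt"

  # Sign: needs only the sender's own key pair, so it works for any recipient.
  openssl smime -sign -in "$1/msg.txt" -signer "$1/alice.crt" \
    -inkey "$1/alice.key" -out "$1/signed.eml" || return 1

  # Encrypt: the only key material used is the recipient's certificate.
  # Without bob.crt on hand there is nothing to encrypt to.
  openssl smime -encrypt -aes256 -in "$1/signed.eml" \
    -out "$1/encrypted.eml" "$1/bob.crt" || return 1

  # Decrypt: succeeds only with the private key matching a recipient certificate.
  openssl smime -decrypt -in "$1/encrypted.eml" -recip "$1/$2.crt" \
    -inkey "$1/$2.key" -out "$1/inner.eml" 2>/dev/null || return 1

  # Verify: a self-signed sender certificate must be trusted explicitly.
  openssl smime -verify -in "$1/inner.eml" -CAfile "$1/alice.crt" \
    -out "$1/plain.txt" 2>/dev/null || return 1
  tr -d '\r' < "$1/plain.txt"   # S/MIME canonicalises line endings to CRLF
}

# Prints the recovered text; returns non-zero if the reader cannot open the mail.
smime_roundtrip() {
  d=$(mktemp -d) || return 1
  rc=0
  roundtrip_in "$d" "$1" || rc=$?
  rm -rf "$d"                   # throwaway keys, do not leave them behind
  return $rc
}

smime_roundtrip bob
smime_roundtrip mallory || echo "mallory: decryption failed, not a recipient"
```

Signing succeeds with nothing but the sender's own identity, which is why Sign can be enabled immediately, while encryption takes the recipient's certificate as its only key input.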