Knowledge Base
How to Configure an email S/MIME certificate with iOS Device
If you have already collected the certificate on your computer, first you need to export it into a PFX/P12 format.
When doing this, make sure you export the private key.
Include all certificates in the certificate path if possible.
You must also specify a strong password to protect the certificate file.
Once exported, you can email the certificate file to your iOS device or transfer it in some other manner
(for example, copy to a USB drive or upload then download from online storage).
Importing your certificate into iPhone/iPad:
-
Locate and open the .p12 file that contains the certificate you wish to import.
Tap the Install button to download the profile.
Now you have to review the profile in the Settings app if you want to install it
-
Click on the downloaded profile to Install.
-
Install the profile. Once it has been accepted, iOS will automatically import your certificate.
You might see a confirmation dialog box, similar to the one shown below.
-
Tap Install, enter the PFX/P12 password, and hit Done to exit the wizard.
Now you can locate your downloaded configuration profile under VPN & Device Management.
If your P12 certificate does not have the intermediate chain files, you might receive an error like below,
Now you have to install the intermediate certificates from Sectigo to avoid the “Not Verified or trust-related errors”.
Please check if you have installed all the “SectigoRSAClientAuthenticationandSecureEmailCA.crt and USERTrustRSACertificationAuthority.crt CA chain certificates.
This certificate can now be used to digitally sign and encrypt your emails and/or authenticate your identity.
Next, you need to assign your certificate to your email account.
Enable S/MIME for your mail account:
-
Open iOS Settings
then open Mail and select Accounts.
-
Open the mail account that matches your certificate and open its Advanced settings.
The location of the Advanced row may vary between versions of iOS.
-
On the advanced settings page, scroll down to S/MIME and turn it ON.
Doing so will reveal the Sign and Encrypt options:
Background information:
-
Signing authenticates and attests to the integrity of your email by ensuring the recipient knows the email has come from you and by alerting them if the email has been modified since the time you sent it.
-
Encryption ensures the privacy of your email by ensuring that only the recipient can decipher and view the email content. In order to encrypt email you must have the recipient's digital certificate installed on your device and their certificate must be assigned to the relevant entry in your address book.
Enable signing and encryption:
Note - enabling the Sign/Encrypt options here will apply the action to all outbound emails from this account.
Messages cannot be signed/encrypted on a per-message basis.
To digitally sign email:
-
Once S/MIME is activated, tap Sign.
-
Slide the Sign switch to ON.
-
Your certificate will likely already be selected with a checkmark next to it.
If you have multiple certificates installed, choose the appropriate one.
To encrypt email:
-
Once S/MIME is activated, tap Encrypt.
-
Slide the Encrypt switch to ON.
-
Your certificate will likely already be selected with a checkmark next to it.
If you have multiple certificates installed, choose the appropriate one.
Note: If encryption is enabled, it is advisable to enable signing also so that
new recipients can obtain your public key and send encrypted mails to you.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
