Step 1: Install private certificate 🔗
You should have received your private certificate via email in an encrypted .p12 file. This file is password-protected to keep it save until it arrives on your device. It’s always recommended to distribute the .p12 file and corresponding password via separate channels.
After opening the attachment, iOS will offer to install the certificate as identity profile. Choose install.
If you happened to have a passcode on your device, iOS will ask you for your passcode and then the certificate password. Be sure to enter the right password at the right time. Generally passcodes are numeric only. Certificate passwords also have letters.
After completing the Certificate import, you can go to Settings > General > Profiles to verify it was successfully installed.
Step 2: Set up email account for encryption 🔗
Next we need to make sure iOS Mail actually uses the certificate for signing and encryption. To do so go to Settings > Mail, Contacts and Calendar. Under accounts you should see the email account you wish to use the certificate with. The name and provider may vary. It’s only important that the sender address matches the certificate address.
After you have confirmed that certificate address and sender address match, go back to the previous screen and select Advanced. At the bottom you will find a setting called S/MIME.
Be sure to have this option enabled and pick the right certificate for signing and encrypting. Usually you will only see one certificate to choose from.
Step 3: Sending encrypted emails 🔗
Once you have completed these steps, you should be able to send and receive encrypted and signed emails.
A lock sign will indicate whether you have a recipient’s public certificate and can encrypt.
Also be sure to choose the right sender address, in case you have more than one account installed on your phone.
Step 4 (optional): Install contact’s certificates 🔗
To send encrypted messages to other recipients it’s necessary to possess their public certificate. Public certificates are distributed by signing emails. This will not only verify the sender, but also give the recipient a chance to install a public certificate.
To install a public certificate click the contact’s name, choose ‘view certificate’ and then ‘install’.