Install S/MIME email encryption certificate on Apple iOS (iPad and iPhone)

Jul 24, 2017 04:01 · 376 words · 2 minute read

Step 1: Install private certificate

You should have received your private certificate via email in an encrypted .p12 file. This file is password-protected to keep it save until it arrives on your device. It’s always recommended to distribute the .p12 file and corresponding password via separate channels.



After opening the attachment, iOS will offer to install the certificate as identity profile. Choose install.



If you happened to have a passcode on your device, iOS will ask you for your passcode and then the certificate password. Be sure to enter the right password at the right time. Generally passcodes are numeric only. Certificate passwords also have letters.



After completing the Certificate import, you can go to Settings > General > Profiles to verify it was successfully installed.



Step 2: Set up email account for encryption

Next we need to make sure iOS Mail actually uses the certificate for signing and encryption. To do so go to Settings > Mail, Contacts and Calendar. Under accounts you should see the email account you wish to use the certificate with. The name and provider may vary. It’s only important that the sender address matches the certificate address.




After you have confirmed that certificate address and sender address match, go back to the previous screen and select Advanced. At the bottom you will find a setting called S/MIME.

Be sure to have this option enabled and pick the right certificate for signing and encrypting. Usually you will only see one certificate to choose from.






Step 3: Sending encrypted emails

Once you have completed these steps, you should be able to send and receive encrypted and signed emails.

A lock sign will indicate whether you have a recipient’s public certificate and can encrypt.

Also be sure to choose the right sender address, in case you have more than one account installed on your phone.



Step 4 (optional): Install contact’s certificates

To send encrypted messages to other recipients it’s necessary to possess their public certificate. Public certificates are distributed by signing emails. This will not only verify the sender, but also give the recipient a chance to install a public certificate.

To install a public certificate click the contact’s name, choose ‘view certificate’ and then ‘install’.