Skip navigation

Email cert for S/Mime not working with iOS 6 update

12487 Views 36 Replies Latest reply: Feb 2, 2014 9:35 PM by Greencard RSS
1 2 3 Previous Next
M a † † h e M a † † i c s Calculating status...
Currently Being Moderated
Sep 20, 2012 5:33 AM

Hi,

 

I updated to iOS 6 on iphone 4s - and have had a problem with my email certificate installation.

 

When I go into Setting => General => Profiles it displays "Not Trusted"

but this same certificate is "Trusted" and working on my iPad 2 ( still on iOS 5.1.1 )

 

If anyone understands what may be the problem I would appreciate your help

 

Thanks in advance.

iPhone 4S, iOS 5.1
  • an.ke Level 1 Level 1 (0 points)

    Same here! I got a fresh "free email cert" from comodo, it is trusted on Mac OS 10.8.2 keychain-info, but if I export this cert (.p12) and try to install on iOS 6 (iPhone5 or iPhone4) it will not be trusted.

    On a iPhone4 running iOS5 the cert will be trustet.

  • ventmore Level 1 Level 1 (0 points)

    Exactly the same issue here.

     

    Certificate works fine on Lion, Mountain Lion, and iOS5, but shows up as "Not Trusted" on iOS 6.

     

    My certificate is also from Comodo.

  • Drew Covi Calculating status...

    ditto here, if anyone sorts this out please let us know. This is driving me mad.

  • ventmore Level 1 Level 1 (0 points)

    A friend of mine is using a certificate from http://www.startssl.com on his iPhone 5 without any issues.

     

    I'll give it a try when I get a chance, but it won't be until next week now.  If anyone else tries a certificate from a different CA, please post back with your results.

     

    Edit: Are you all using certificates from Comodo?

  • Drew Covi Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 22, 2012 10:42 AM (in response to ventmore)

    This did the trick!  Suffice to say it still wasn't totally easy, and you'll need to make sure you go to the StartCom CA Certificates section to download the Class 1 Intermediate Client CA first.

     

    Once you have that simply create a certificate for each e-mail address you have, and it should automatically install through your browser.

     

    After that simply export it from the keychain (I toggled the box and selected both the key and the cert) and export it to the .p12 file.

     

    Then email these certs to your iOS device. Be careful though, because the S/MIME section for me on iOS6 was VERY flaky.  I had to completely remove the old certs, hit the done button AND back all of the way out of my mail settings.  If I didnt back all of the way out, I would often find that the S/MIME settings wouldn't "stick".  Once I had everything removed and double checked that it stuck, I installed my new certs, set my S/MIME preferences and backed all of the way out of settings.

     

    Only then was I finally able to send emails properly.  But hey. It's done!

  • ventmore Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 22, 2012 11:01 AM (in response to Drew Covi)

    Excellent......thanks for posting back Drew.  I'll get myself a new certificate next week from startssl

     

    BTW...The mail settings screens caught me out a few times yesterday too when I was setting which certificate to use for signing/encryption.  You kind of just expect the settings to save when you back out of a screen, but you have to come back to the "Account" screen, and hit "Done".

  • an.ke Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 22, 2012 12:48 PM (in response to Drew Covi)

    If i have to download/install a root-cert for using my email-cert, then i could use cacert.org too,. The reason why I liked to use comodo is, the comodo-root is allready installed on most keychains. Every people you will send your signature, will see a untrusted-msg until he install the root-cert too or manually trust your signature. So using cacert.org or StartCom is no solution for me. I hope Apple will fix the keychain issue on iOS6 soon.

  • wfbnadador Level 1 Level 1 (10 points)
    Currently Being Moderated
    Sep 22, 2012 2:11 PM (in response to an.ke)

    Okay so I can't say if its due to any of the previous steps before or its related to how the Comodo Cert was created, but im banking on its how the comodo cert was created:

     

    According to this:

     

    https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid =1352

     

    Unless you START the process with Safari (or at least NOT Chrome) you'll run into issues, which may be the issues I was having.

     

    After doing this, and going through the entire same process, I was able to CHANGE my certs from startssl BACK to comodo but this time without any issues.

     

    I also didnt remove my startssl certs until after I had switched them to comodo, just to be sure.

  • azsharom Level 1 Level 1 (0 points)

    Still hoping for a solution with the Comodo certs.

     

    We use it for our organization so switching to another provider is really not an option.

     

    So... there's at least 3 things in iOS6 that don't work well for me now:

     

    1. Maps (not deal breaker - I use Waze mostly)

    2. Certs in Mail

    3. Mail no longer allows 'flagging' of messages.

     

    #wouldstevehaveletitoutthegates

  • Drew Covi Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 24, 2012 8:42 PM (in response to azsharom)

    Sorry if I wasn't clear but I'm currently rolling without issue using my comodo certs. See above.

  • Drew Covi Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 24, 2012 8:43 PM (in response to azsharom)

    (Apparently my other alias was used. Wfbnadador )

  • an.ke Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 25, 2012 12:08 AM (in response to azsharom)

    Here is my workaround to fix the problem with the comodo-cert on iOS6:

    You need a mac with working comodo-cert installed to follow my steps.

    This mean you should be able to send yourself a signed and/or crypted email with mac-mail-app using your comodo free email cert.

     

    - open keychain-app on mac and select certifikates on bottom left

    - typ into top-right search-fild "comodo"

    - you should see a "COMODO Client Authentication and Secure Email CA" - cert with a blue icon (not the brown icon)

    - right-click on the cert and export it as a certifikat type (.cer)

    - email the exported cert to your iOS device

    - open the email on iOS and install this cert, it will be tusted (!!)

    - and from now on, all your comodo-free-email-certs will be trusted like in iOS5

     

    This is the missing cert on the iOS6-keychain. Hopefully will be fixed soon.

    Remember, you have to install the Cert on _all_ your iOS-devices to use your email-certs from comodo.

     

    hope this helps... greetings from berlin

  • azsharom Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 25, 2012 12:12 AM (in response to an.ke)

    OUTSTANDING!!!

     

    Thank you, or Terima Kasih as we say in Malaysia.

  • ventmore Level 1 Level 1 (0 points)
    Currently Being Moderated
    Sep 25, 2012 12:40 AM (in response to an.ke)

    Thanks an.ke......I'll give this a try today.  I do however wonder why we need to go through this extra step with iOS6.

     

    @Drew

    I'm not sure what fixed it for you mate, as my certs were all created, and downloaded through Safari on my Mac.  I was then emailng them to myself as a P12 file.

     

    After speaking to a friend of mine, it seems that a better way than emailing the P12 to myself, is to use the iPhone Configuration Utility, and install the certs as configuration profile.  I'm going to try this before manually installing the Comodo CA cert, just to see if it makes a difference.

     

    @azsharom

    Flagging of messages works just fine mate.  When in a message, just hit the flag at the bottom left of the screen and select "flag".  If you want to flag multiple messages, then hit the edit button in the messages list, select your messages, then hit "mark", and hit "flag".

1 2 3 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.