Jan 13, 2013 8:54 AM (in response to M a † † h e M a † † i c s)
Not sure if you already solved your problem...
But I want to share my findings on this topic.
I played with signatures and encryption on OS X some years ago.
At that time I used certificates from Thawte and it worked quite well ( after some trial and error ).
I could sign and encrypt messages between OS X clients ( Mail, Thunderbird ) and Windows clients ( Thunderbird ).
So now that I have some expensive iOS equipment ( iPad, iPhone, ... ) I wanted to see if S/MIME signing and encryption is possible between these machines.
Since Thawte is no longer providing free email certs I chose Comodo.
I did some trial and error on requesting and collecting the certificate with both Safari and Firefox. It somehow worked and somehow not...
Then I came across this nice Howto article :
http://www.hoylen.com/articles/it/email/security/cert-comodo.html which helped me a lot.
I followed the steps explained there and managed to get signature and encryption of messages working on a MacBook Pro running ML and an iPad 2 running iOS 6.01.
Here are some things that caused trouble and confusion for me :
use of the browser for the request and collection of the cert
Some years ago it was not possible to collect and export the certificates with Safari. You had to use Mozilla/Firefox to do this, because in Safari there was no way to export the private key that was generated during the process.
It is possible now to collect the cert with Safari and it will be in the keychain after you have collected it, and so will the private key ( with no name ! ).
In any case, request and collection of the cert has to be done with the same browser!!!
So my smart idea to request with Firefox and collect with Safari didn't work.
I personally prefer collection with Firefox because it gives me the possibility to check the whole process and I like to import the .p12 file ( exported from Firefox ) into an empty keychain so I can check what is in the package.
"moving" the certificate to the iOS device
Right now it seems that there are ( at least ) two options to bring the cert/key package to the iOS device.
- making a profile for the device with the cert/key included
- sending the cert/key package as a mail attachment
I used the latter one with success. Instead of exporting it from the keychain ( which I did before with some success ) I chose to mail the Firefox-exported ( see link above ) .p12 file to myself. After opening the attachment and providing the password my iPad added that as a profile.
This profile showed in the General->Profiles-> section of my Settings.
As the Original Poster mentions, this profile is listed as "Not Trusted" ( in red color ).
I did not care and went on to my @me.com account in the Mail settings section.
There at the Account->Advanced->Advanced settings I switched on S/MIME and Sign and checked my cert under the Certificate section of Sign. It showed the certificate of my email address as "Trusted" ( in green color ).
Under the "More Details" tab it showed 3 certificates, one of them my freshly collected email cert.
Jan 13, 2013 10:47 AM (in response to pitotstatic)
The problem was solved some posts before your long (mostly wrong) Firefox add.
So, I stop email notification at this point.
Jan 13, 2013 2:11 PM (in response to an.ke)
I just wanted to share my findings on this complex topic because it is hard to find all the information you need to get email signing and encryption running on iOS.
Could you be so kind and be more specific in why my post is "...mostly wrong..." ?
If you do, I would be happy to update ( or even delete! ) that post.
What do you mean by " ... I stop email notification at this point" ?
Apr 2, 2013 7:53 AM (in response to Drew Covi)
I have had Comodo certificates working on the MacBook Pro and iPhone 5 I have. Recently, after the iOS 6 updates on the iPhone were made, I can no longer install a certificate from a sender. Meaning, if somebody signs an email, and I click the blue icon there, and view the certificate, and try to install it, nothing happens. I mean the button depresses to install, but it does not install.
Any ideas would be great!
Jul 22, 2013 5:56 AM (in response to jrc*)
Your posting helped me sort out my issue (https://discussions.apple.com/message/22481016); your hint was very noteworthy.
Sep 4, 2013 3:47 PM (in response to Marsaro)
If you've installed the Comodo free email cert, don't forget to add this root CA too.
Helped me to fix the untrusted flag.
Feb 2, 2014 9:35 PM (in response to M a † † h e M a † † i c s)
The answer is elsewhere in the thread but this is what happens on Mavericks and iOS 7...
Comodo cert installs in OS X Mail easily by saving the P7 cert from Comodo and double-clicking.
This results in the keychain being updated.
Then for iOS 7, you have to export from Keychain.app the 'login' cert you just added as a .p12 file, and email it to yourself. You have to pick a password for this file.
You also have to export the Comodo CA Authority cert as a .cer file, else the profile is untrusted (but still works).
To do this, search for "Comodo" in Keychain.app and right-click on the blue cert, select export.
In iOS, in the email you sent yourself, you have to click on the .cer file to add Comodo as a trusted profile, enter your device PIN, then done.
Then click on the .p12 file, type in your device PIN, then it asks for the password you set on the export, then done.
Actually order doesn't matter (I did it the other way around).
Both Profile items should appear as 'trusted'.
Then go into advanced settings for the email account, select SMIME ON, then select the profile.
If you send yourself an email, you should see the icon on the received email indicating it is digitally signed.
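
The trust behaviour described in the last post (the .p12 on its own leaves the profile untrusted until the issuing CA's certificate is installed as well) can be checked on a desktop with OpenSSL before the files are mailed. This is an added example, not part of any post in the thread; the CA and mailbox certificate are throwaway stand-ins generated by the script, and all file names and the export password are constructed.

```shell
#!/usr/bin/env bash
# Added example. The CA and mailbox certificate are constructed throwaway
# stand-ins (hypothetical names), not Comodo's or anyone's real certificates.

make_demo_bundle() {  # $1 = work dir; creates ca.cer (PEM) and user.p12
  local d=$1
  printf '[req]\ndistinguished_name=dn\nx509_extensions=v3_ca\n[dn]\nCN=placeholder\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
  # Stand-in for the CA certificate exported from the keychain as a .cer file
  openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Demo Email CA" -keyout "$d/ca.key" -out "$d/ca.cer" 2>/dev/null
  # Stand-in for the personal e-mail certificate and its private key
  openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=user@example.com" -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
  openssl x509 -req -in "$d/user.csr" -CA "$d/ca.cer" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/user.pem" 2>/dev/null
  # Password-protected bundle, like the .p12 exported for the iOS device
  openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.pem" \
    -passout pass:demo-export-password -out "$d/user.p12"
}

leaf_from_p12() {  # $1 = .p12 file, $2 = export password, $3 = output PEM
  # Certificate only; the private key is never written out
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$3" 2>/dev/null
}

trust_status() {  # $1 = leaf PEM, $2 = optional CA certificate to trust (PEM)
  local leaf=$1 ca=${2:-}
  if [ -n "$ca" ]; then openssl verify -CAfile "$ca" "$leaf"
  else openssl verify "$leaf"   # default trust store only
  fi >/dev/null 2>&1 && echo trusted || echo untrusted
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_bundle "$d" &&
    leaf_from_p12 "$d/user.p12" demo-export-password "$d/leaf.pem"
  echo "p12 only:         $(trust_status "$d/leaf.pem")"
  echo "p12 plus CA cert: $(trust_status "$d/leaf.pem" "$d/ca.cer")"
  rm -rf "$d"
}
demo
```

With real exports, pass the actual .p12 and CA file to `leaf_from_p12` and `trust_status`; a DER-encoded .cer has to be converted to PEM first (`openssl x509 -inform DER -in ca.cer -out ca.pem`).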