You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

S/MIME "No valid certificates found."

Ok, trying to set up S/MIME on my iPhone running software version 12.1.4. I'm using a self signed Certificate Authority (CA) which in turn signed the issued cert. Works fine for encryption on thunderbird, so the cert works. Imported it per instructions I found, along with the root cert. Can receive encrypted email, but unable to link the certificate to the account to send encrypted and/or signed. Screenshots attached:

Here is the main problem: Can't select certs.

Certs are installed

And Trusted

And I'm able to successfully decrypt, but not encrypt.

iPhone 6s, iOS 12

Posted on Mar 22, 2019 11:39 PM

Reply
Question marked as Top-ranking reply

Posted on Mar 24, 2019 2:23 PM

After Much research, I figured it out. I want to post the answer here because I found others with the same problem while I was googleing, and no one had a solution. The certificates I generated were basic OpenSSL certificates that while functional, only had the bare bones. These not working certs were created with these commands:

openssl genrsa -aes-256-cbc -out odinforce.net.key 4096
openssl req -new -x509 -days 365 -key odinforce.net.key -out odinforce.net.crt
openssl genrsa -aes-256-cbc -out rhys.ferris.key 4096
openssl req -new -key rhys.ferris.key -out rhys.ferris.csr
openssl x509 -req -days 365 -in rhys.ferris.csr -CA odinforce.net.crt -CAkey odinforce.net.key -set_serial 01 -out rhys.ferris.crt
openssl req -new -key rhys.ferris.key -out rhys.ferris.csr
openssl x509 -req -days 365 -in rhys.ferris.csr -CA odinforce.net.crt -CAkey odinforce.net.key -set_serial 01 -out rhys.ferris.crt
openssl pkcs12 -export -in rhys.ferris.crt -inkey rhys.ferris.key -name "Rhys Ferris" -out rhys.ferris.p12

These certs work for encryption, but are missing one key field when it comes to iOS. You see, iOS wants to be told what the cert is to be used for, that why it says "No Valid Certificates Found." It found certificates, but none were labeled for "Email Protection."

My attempts to manually manipulate the conf file for openSSL didn't work, but I eventually found this tutorial which did. It can easily be modified for your purposes by reading through and changing the config files.

Now that my certificates are properly labeled, iOS is happy to use them.

Hope this helps!

Rhys

Similar questions

1 reply
Question marked as Top-ranking reply

Mar 24, 2019 2:23 PM in response to rhysers

After Much research, I figured it out. I want to post the answer here because I found others with the same problem while I was googleing, and no one had a solution. The certificates I generated were basic OpenSSL certificates that while functional, only had the bare bones. These not working certs were created with these commands:

openssl genrsa -aes-256-cbc -out odinforce.net.key 4096
openssl req -new -x509 -days 365 -key odinforce.net.key -out odinforce.net.crt
openssl genrsa -aes-256-cbc -out rhys.ferris.key 4096
openssl req -new -key rhys.ferris.key -out rhys.ferris.csr
openssl x509 -req -days 365 -in rhys.ferris.csr -CA odinforce.net.crt -CAkey odinforce.net.key -set_serial 01 -out rhys.ferris.crt
openssl req -new -key rhys.ferris.key -out rhys.ferris.csr
openssl x509 -req -days 365 -in rhys.ferris.csr -CA odinforce.net.crt -CAkey odinforce.net.key -set_serial 01 -out rhys.ferris.crt
openssl pkcs12 -export -in rhys.ferris.crt -inkey rhys.ferris.key -name "Rhys Ferris" -out rhys.ferris.p12

These certs work for encryption, but are missing one key field when it comes to iOS. You see, iOS wants to be told what the cert is to be used for, that why it says "No Valid Certificates Found." It found certificates, but none were labeled for "Email Protection."

My attempts to manually manipulate the conf file for openSSL didn't work, but I eventually found this tutorial which did. It can easily be modified for your purposes by reading through and changing the config files.

Now that my certificates are properly labeled, iOS is happy to use them.

Hope this helps!

Rhys

S/MIME "No valid certificates found."

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.