Currently Being ModeratedOct 13, 2011 11:25 AM (in response to James Ferguson)
Same here. I cannot find any documentation referring how to set up S/MIME. I'm not even going to attempt the iPhone Configuration Utility - I need something that's easier to setup and manage so I can deploy to a few users within the organization.
Currently Being ModeratedOct 13, 2011 12:02 PM (in response to James Ferguson)
You don't have to use the iPhone Configuration Utility (although I would expect that to be an easier way to push out a bunch of certificates in one go), you can just send the certificate to the user in an email. On the iPhone you can then open the attachment and a profile is created for it. NB: You may need to tap and hold on the attachement to do this, I can't remember.
To actually use S/MIME you have to turn it on for the email account you want to use it with:
Settings -> Mail -> [the account] -> Account -> Advanced -> S/MIME
Seems to work well.
Currently Being ModeratedOct 13, 2011 12:07 PM (in response to James Ferguson)
iOS User Guide http://manuals.info.apple.com/en_US/iphone_user_guide.pdf page 55 describes how to do this.
Currently Being ModeratedOct 13, 2011 8:09 PM (in response to ChrisJ4203)
I followed Chris' link and Kevin's answer. Yes there are several ways to do this.
1. iPhone configuration utility if you want to install directly over USB and not worry about the unsecure email.
2. Export it as a .p12 file and email it to yourself or send somehow in iCloud and open it on the device.
3. Download it directly from the website that issues the private key certificate using mobile Safari.
Currently Being ModeratedOct 15, 2011 5:11 PM (in response to James Ferguson)
This doesn't work for me.
I have a free S/MIME certificate from http://www.instantssl.com/ssl-certificate-products/free-email-certificate.html
I downloaded the CollectCCC.p7s to my laptop, imported to keychain. I can export it to .cer, .pem, and .p7b but not .p12
I sent the .cer to my email on my iPhone 4s and installed it.
When I go to Settings -> Mail -> [the account] -> Account -> Advanced -> S/MIME
I enable it and then I try to enable "Sign" it doesn't let me do it.
It is grayed out. and under Certificates it says no valid certificates found.
I found the solution
When exporting the certificate from keychain. Look at the left hand side under category and select "My Certificates" first then right click and export to .p12
Then everything should work as advertised!
I was able to install my personal certificate via iphone configuration utility and its shown under "profiles" now. Unfortunately I couldn't select the certificate in the SMIME configuration of the coresponding mail account at my iPhone. If I try to switch on either signing or encrypting, the iPhone only shows "No valid certificates found"
My certificate is valid for email encryption and the email adress in this certificate is the same as the account uses.
If I also configure the whole emailaccount settings via the iPhone configuration utility everything works fine, but I'm not able to deactivate/activate the SMIME usage at the iPhone for this account.
Anyone who can help me?
I'm in the same boat. I've added my certificate to the phone via both the iPhone Configuration Utility and by emailing the PKCS12 file to myself and installing it out of the email on the phone. I still get "No valid certificate found" in the S/MIME preferences. The "profile" added via the configuration utility shows as "Verified", the one added via email shows as "Not Trusted". I've tried both configurations separately, and with both variants installed at the same time.
In case it matters my cert was issued by CAcert. I added CAcert's root certificate via the iPhone Configuration Utility as well.
Currently Being ModeratedOct 18, 2011 2:15 PM (in response to jasonheiss)
I'm also using certificates issued by CACert. I've allready tried the whole evening to get SMIME working and I think in the meanwhile I've tried almost every possible way to fix this problem. Unfortunately still without success.
The only way is still to set up the whole email account by the iPhone configuration utility.
Even renewing my certificate, which originally contained 2 email-adresses to one with only one email-adress didn't help.
Currently Being ModeratedOct 18, 2011 3:26 PM (in response to James Ferguson)
Guys, whilst it is actually possible to use self-signed and community certificates (like CAcert certificates) with S/MIME (you need to make sure you have a good full chain available) I feel I should advise against it.
1) Unless _everyone_ you send email to also has your self-signed root or the community certificate's hierarchy they will not be able to validate your email or send you encrypted mail. In which case, what is the point?
2) You can get a free and publicly valid personal certificates (home use only) from a number of CAs, e.g. http://www.comodo.com/
If you must persist with CAcert then I recommend that you get things going on a desktop mail client (e.g. Mail.app) first, then when you know that you have a good certificate (+ root and/or + hierarchy) you can transfer them to the iPhone.
Currently Being ModeratedOct 18, 2011 3:37 PM (in response to keith.smith)
It's a fair point that some (probably most) of my recipients won't be able to validate the signature, but I persist anyway to encourage them to go get the CAcert root. I don't really do it for the security, but more to promote CAcert just because I like the idea.
I've been using S/MIME in Mail.app with my cert from CAcert for years. I know the cert is fine.
Currently Being ModeratedOct 18, 2011 4:06 PM (in response to jasonheiss)
Since you area using this same Cert with Mail.app on your Mac, try this:
Start Keychain, on the left hand menu under categories, select my certificates, then export your cert as .p12 and send it to your email.
Open the email in your iphone and import it.
Go to S/MIME settings and check if it appears there.