Email cert for S/Mime not working with iOS 6 update

Same here! I got a fresh "free email cert" from comodo, it is trusted on Mac OS 10.8.2 keychain-info, but if I export this cert (.p12) and try to install on iOS 6 (iPhone5 or iPhone4) it will not be trusted.

On a iPhone4 running iOS5 the cert will be trustet.

Exactly the same issue here.

Certificate works fine on Lion, Mountain Lion, and iOS5, but shows up as "Not Trusted" on iOS 6.

My certificate is also from Comodo.

ditto here, if anyone sorts this out please let us know. This is driving me mad. 🙂

A friend of mine is using a certificate from http://www.startssl.com on his iPhone 5 without any issues.

I'll give it a try when I get a chance, but it won't be until next week now. If anyone else tries a certificate from a different CA, please post back with your results.

Edit: Are you all using certificates from Comodo?

This did the trick! Suffice to say it still wasn't totally easy, and you'll need to make sure you go to the StartCom CA Certificates section to download the Class 1 Intermediate Client CA first.

Once you have that simply create a certificate for each e-mail address you have, and it should automatically install through your browser.

After that simply export it from the keychain (I toggled the box and selected both the key and the cert) and export it to the .p12 file.

Then email these certs to your iOS device. Be careful though, because the S/MIME section for me on iOS6 was VERY flaky. I had to completely remove the old certs, hit the done button AND back all of the way out of my mail settings. If I didnt back all of the way out, I would often find that the S/MIME settings wouldn't "stick". Once I had everything removed and double checked that it stuck, I installed my new certs, set my S/MIME preferences and backed all of the way out of settings.

Only then was I finally able to send emails properly. But hey. It's done! 🙂

Excellent......thanks for posting back Drew. I'll get myself a new certificate next week from startssl 🙂

BTW...The mail settings screens caught me out a few times yesterday too when I was setting which certificate to use for signing/encryption. You kind of just expect the settings to save when you back out of a screen, but you have to come back to the "Account" screen, and hit "Done".

If i have to download/install a root-cert for using my email-cert, then i could use cacert.org too,. The reason why I liked to use comodo is, the comodo-root is allready installed on most keychains. Every people you will send your signature, will see a untrusted-msg until he install the root-cert too or manually trust your signature. So using cacert.org or StartCom is no solution for me. I hope Apple will fix the keychain issue on iOS6 soon.

Okay so I can't say if its due to any of the previous steps before or its related to how the Comodo Cert was created, but im banking on its how the comodo cert was created:

According to this:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid =1352

Unless you START the process with Safari (or at least NOT Chrome) you'll run into issues, which may be the issues I was having.

After doing this, and going through the entire same process, I was able to CHANGE my certs from startssl BACK to comodo but this time without any issues.

I also didnt remove my startssl certs until after I had switched them to comodo, just to be sure.

Still hoping for a solution with the Comodo certs.

We use it for our organization so switching to another provider is really not an option.

So... there's at least 3 things in iOS6 that don't work well for me now:

1. Maps (not deal breaker - I use Waze mostly)

2. Certs in Mail

3. Mail no longer allows 'flagging' of messages.

#wouldstevehaveletitoutthegates

Sorry if I wasn't clear but I'm currently rolling without issue using my comodo certs. See above.

(Apparently my other alias was used. Wfbnadador )

Here is my workaround to fix the problem with the comodo-cert on iOS6:

You need a mac with working comodo-cert installed to follow my steps.

This mean you should be able to send yourself a signed and/or crypted email with mac-mail-app using your comodo free email cert.

- open keychain-app on mac and select certifikates on bottom left

- typ into top-right search-fild "comodo"

- you should see a "COMODO Client Authentication and Secure Email CA" - cert with a blue icon (not the brown icon)

- right-click on the cert and export it as a certifikat type (.cer)

- email the exported cert to your iOS device

- open the email on iOS and install this cert, it will be tusted (!!)

- and from now on, all your comodo-free-email-certs will be trusted like in iOS5

This is the missing cert on the iOS6-keychain. Hopefully will be fixed soon.

Remember, you have to install the Cert on _all_ your iOS-devices to use your email-certs from comodo.

hope this helps... greetings from berlin 🙂

OUTSTANDING!!!

Thank you, or Terima Kasih as we say in Malaysia. 🙂

Thanks an.ke......I'll give this a try today. I do however wonder why we need to go through this extra step with iOS6.

@Drew

I'm not sure what fixed it for you mate, as my certs were all created, and downloaded through Safari on my Mac. I was then emailng them to myself as a P12 file.

After speaking to a friend of mine, it seems that a better way than emailing the P12 to myself, is to use the iPhone Configuration Utility, and install the certs as configuration profile. I'm going to try this before manually installing the Comodo CA cert, just to see if it makes a difference.

@azsharom

Flagging of messages works just fine mate. When in a message, just hit the flag at the bottom left of the screen and select "flag". If you want to flag multiple messages, then hit the edit button in the messages list, select your messages, then hit "mark", and hit "flag".

@ventmore unfortunately on my iPhone 4S, in Mail I only get the option to 'Mark as Unread' when I tap the flag icon. Worked fine with iOS 5.1.1. I didn't get any error messages when I updated from 5.1.1. to 6 over-the-air.