Dan Neuman
Level 1 (0 points)

Q: iOS 7.1 Mail: How to remove S/MIME certificate for a contact

A contact no longer has an S/MIME X.509 signing certificate for e-mail. Mail still uses his old, unused, certificate to encrypt e-mails to him, which he cannot open.

 

How do I remove this certificate, or at least turn off encryption for e-mails to him? I still want to sign my e-mails, though.

Posted on Jun 21, 2014 9:55 AM

by Dan Neuman,Solvedanswer
Dan Neuman Dan Neuman
Level 1 (0 points)
A:

Looks like the easiest way to do this is find an e-mail from the contact with the digital signature on it. The contact's name should have a crest beside it. Clicking on the crest lets you see the certificate, where you can remove it and untrust it. This seemed to sync between my iOS devices, but I'm not sure.

 

If you do not have a signed e-mail, I don't know how you can do it. Removing the contact, and removing the address from previous recipients did not work as e-mails are encrypted again when I use the same destination address. You can, however, stop encrypting all e-mails by going into Settings > Mail, Contacts, Calendars > Accounts: your@account > Account: your@account > Advanced: Mail: your@account > Advanced > S/MIME: Encrypt > No. You'll also find your personal signing certificates here.

Posted on Jun 21, 2014 6:30 PM

Close
Dan Neuman

Q: iOS 7.1 Mail: How to remove S/MIME certificate for a contact

  • All replies
  • Helpful answers

  • by Dan Neuman,Solvedanswer

    Dan Neuman Dan Neuman Jun 21, 2014 6:30 PM in response to Dan Neuman
    Level 1 (0 points)
    Jun 21, 2014 6:30 PM in response to Dan Neuman

    Looks like the easiest way to do this is find an e-mail from the contact with the digital signature on it. The contact's name should have a crest beside it. Clicking on the crest lets you see the certificate, where you can remove it and untrust it. This seemed to sync between my iOS devices, but I'm not sure.

     

    If you do not have a signed e-mail, I don't know how you can do it. Removing the contact, and removing the address from previous recipients did not work as e-mails are encrypted again when I use the same destination address. You can, however, stop encrypting all e-mails by going into Settings > Mail, Contacts, Calendars > Accounts: your@account > Account: your@account > Advanced: Mail: your@account > Advanced > S/MIME: Encrypt > No. You'll also find your personal signing certificates here.

  • by Gengsheng,

    Gengsheng Gengsheng Jan 4, 2015 11:41 AM in response to Dan Neuman
    Level 1 (1 points)
    Jan 4, 2015 11:41 AM in response to Dan Neuman

    Thanks Dan. I have the same problem. However I have no (old) email with the old certificate. The contact still has the old certificate which is not valid anymore (valid time expired). I could use your trick to remove the certificate if the contact could send a mail signed with the old certificate. But up to now we did not find a way to send a mail signed with an outdated certificate. We even switched the system time - also did not work.


    Any idea?