
How do I delete outdated S/MIME certificates in my iPhone 5s

I have the following problem with my iPhone 5S (iOS 8.1.2):


I am using S/MIME for email encryption. Therefore, I have certificates installed for certain receiver email addresses.

Some of those certificates are expired. But it is impossible to install a new valid certificate. The iPhone email application continues to use the old certificate (public key) of the receiver for encrypting the emails.


How can I delete the outdated certificates?


I already reset the iPhone to factory settings and restored from backup. However the certificates appear to be saved in the backup as well.

iPhone 5s, iOS 8.1.2, S/MIME, certificates

Posted on Jan 4, 2015 11:07 AM


Mar 28, 2017 1:13 PM in response to Gengsheng

I think I got the solution; it worked on both of my phones!

Apparently, you can only store 1 S/MIME certificate per email address on the iPhone.
I had to find an old email with the outdated certificate that was stored on the phone, then tap on the sender's name, then tap "Show Certificate"; you should see a "Delete" button instead of the "Install" button. (On one phone, I had to go three years back to find an email with the stored cert.) Delete it, and you can install a valid certificate the same way you uninstalled the old/wrong one.
I'm not entirely sure that I got all the buttons' names right, I have German settings 😉

Sep 20, 2017 12:17 AM in response to Gengsheng

BTW, this is still not fixed in iOS11. Doh! I wrote a bug many years ago that was closed out as dup, so I can't see the status of the issue. However, I was able to find an old email and that solved my problem. Thank you! This has been driving me nuts for years. Since it's security related, I'm not sure why this has not received more attention.

Aug 17, 2015 12:17 PM in response to Gengsheng

I figured out how to delete expired S/MIME certificates and possibly how to scale iOS S/MIME for future certs -- I can't tell if the solution is a bug or a feature.


To delete all trusted S/MIME (and TLS) certificates:


iOS>Settings>General>Reset>Reset All Settings


You'll have to do this whenever one of your contacts' S/MIME certificates expires, which, if they're on an enterprise PKI, will happen every year. This greatly limits the usefulness of iOS S/MIME because it's a major PITA to re-enter all your settings and VPN configurations every time an S/MIME certificate expires.


I am hoping the following solution works to avoid this problem with iOS:


  • Do NOT follow Apple's advice in the support document "Send an encrypted message to someone outside your Exchange environment". Specifically, do NOT manually trust the certificate by hitting View Certificate>Install because (I believe) this will keep a trusted certificate in your keychain after this certificate expires and is replaced. iOS will not let you install an updated certificate with the same RFC 822 Name (email address), and will continue to encrypt using the same trusted-but-expired certificate. After hitting Install, you'll have to Reset All Settings to get rid of it (bad).
  • Rather, View Certificate, then request a copy of the Root Certificate Authority (.cer) and, if necessary, the Intermediate CA (.cer) that signs the sender's cert. Install these .cer certificates in your System Profiles. In my experience, I need both the Root and Intermediate CAs for iOS.
  • Now (I believe), S/MIME signing and encryption certs will be added to your keychain as trusted by the Root and Intermediate CAs. But expired certs will neither be trusted nor used, allowing the updated and trusted (via the root CA) cert to be used correctly.
  • This approach also works if you run your own OS X Server Mail service and cut your own trusted S/MIME certs.

Aug 20, 2015 2:39 AM in response to Gengsheng

There is a way to remove old S/MIME certificates IF you have old signed email from the person. Search back through your mail and examine the certificate until you find an old one with a red Remove button rather than a blue Install button. Remove the old cert and go forward and install the new cert. AFAIK, this is the only way to remove S/MIME certificates short of reinstalling a factory iOS.


You'll have to do this separately for every contact on every iOS device every time a cert expires. This obviously scales horribly, and you can spend an hour or more searching through old email certs looking for the one to remove, especially if the PKI certs are updated at irregular periods. In one case, I had to use OS X Mail.app's better search capability to copy thousands of old emails into a temp mailbox just to be able to search for certs on iOS.


Please file bug reports.

Oct 7, 2015 9:27 AM in response to Gengsheng

Me too. Public keys added through the View Certificate/Install route could not be replaced just before they expired. When it was hit, the 'Install' button did not change to 'Remove' (in red). Emails sent to that recipient continue to be encrypted using the old public key. As we'd only played with S/MIME last year, we'd both deleted that year's expired private key (General\Profiles); as a result, we could not decrypt each other's mails. After much pain I gave up trying to fix the problem by removing the old keys. Instead I've worked around it by re-installing our old private keys, after much restoring of stuff from backups.


Roll on the long-awaited fix for iPhone called for by essandes in his posts of 1-Oct-15.


I'm using an iPhone 5, 4s and iOS 9.0.2.

Dec 26, 2015 2:06 AM in response to essandess

The fact that public keys have to be removed manually for each and every user using an old email instead of simply being overwritten by the new public key is a real nuisance that just cost me a couple of hours. Handling of public keys must be improved urgently in iOS, otherwise S/MIME encryption is far from being usable on iOS devices in practice. It should at least be possible to overwrite old certificates with new ones, which is preferably carried out automatically if an email signed with a new certificate is received, as implemented in many other mail agents (e.g. Thunderbird).

Furthermore, an outdated, i.e. invalid, public key should in no way be used for encryption as presently done, least of all without even notifying the user!
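To make the two behaviours discussed in this thread concrete, here is an added Python model (not Apple's code, and not taken from any post) of a per-address recipient-certificate store: the first policy mirrors what the posters report (one cert per RFC 822 address, a second Install refused, the stored cert used for encryption even after expiry), the second is the replace-and-never-use-expired policy they ask for. Certificates are reduced to constructed records holding only the email address, serial and validity period; `NOW` and the sample certs are constructed values.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed stand-in for an S/MIME recipient certificate: only the fields
# the selection policy needs (rfc822Name and validity period).
@dataclass(frozen=True)
class RecipientCert:
    email: str                 # rfc822Name the mail client keys the cert by
    serial: str
    not_before: datetime
    not_after: datetime

    def valid_at(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after


class FirstInstalledWinsStore:
    """Models the reported iOS behaviour: one cert per address, a second
    install for the same address is refused, and the stored cert is used
    for encryption without any expiry check."""
    def __init__(self) -> None:
        self._certs: dict[str, RecipientCert] = {}

    def install(self, cert: RecipientCert) -> bool:
        if cert.email in self._certs:
            return False                    # Install refused, old cert kept
        self._certs[cert.email] = cert
        return True

    def encryption_cert(self, email: str, now: datetime) -> RecipientCert:
        return self._certs[email]           # expired certs silently used

    def expired(self, now: datetime) -> list[str]:
        """Audit helper: addresses whose stored cert is no longer valid."""
        return sorted(e for e, c in self._certs.items() if not c.valid_at(now))


class NewestValidWinsStore(FirstInstalledWinsStore):
    """The behaviour the posters ask for: a cert with a later notBefore
    replaces the stored one, and an expired cert is never selected."""
    def install(self, cert: RecipientCert) -> bool:
        old = self._certs.get(cert.email)
        if old is not None and old.not_before >= cert.not_before:
            return False                    # keep the newer of the two
        self._certs[cert.email] = cert
        return True

    def encryption_cert(self, email: str, now: datetime) -> RecipientCert:
        cert = self._certs.get(email)
        if cert is None or not cert.valid_at(now):
            raise LookupError(f"no valid S/MIME certificate for {email}")
        return cert


# Constructed sample data: a yearly-renewed cert for one recipient.
NOW = datetime(2015, 8, 17)
OLD_CERT = RecipientCert("bob@example.com", "01", datetime(2014, 1, 1), datetime(2015, 1, 1))
NEW_CERT = RecipientCert("bob@example.com", "02", datetime(2015, 1, 1), datetime(2016, 1, 1))
```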
