Hi,
I created a p12 certificate with oppenssl to use with s/mime. It works on a mac, with thunderbird, but not on ios. I can install .p12 and .crt certificates, they appear in "profiles" but not in mail...
What should i do?
Best
fred
iPhone 6s, iOS 9.2
So if you go to Settings -> Mail, Contacts, Calendars -> <Your Mail Account> -> <Account which corresponds to your cert> -> Advanced - is "S/MIME" on? If you click on "Sign", can you turn Sign on and is there a cert available?
Hi, *
mime is on but there is no possibility to turn sign on...
The certificate is not available from mail...
It's quite possible you have the wrong cert installed - doesn't match your email address, is expired, etc. Double-check those things. Also, check out this answer at StackExchange to purge your current cert(s) from your phone and start over - that could be the problem as well.
Hi,
have checked... doesn't work (although it does on mac or PC!)
# openssl genrsa -des3 -out ca.key 4096
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt# openssl genrsa -des3 -out humble_coder.key 4096
# openssl req -new -key humble_coder.key -out humble_coder.csr# openssl x509 -req -days 365 -in humble_coder.csr -CA ca.crt -CAkey ca.key \
-set_serial 1 -out humble_coder.crt -setalias "Humble Coder's E-Mail Certificate" \
-addtrust emailProtection \
-addreject clientAuth -addreject serverAuth -trustout# openssl pkcs12 -export -in humble_coder.crt -inkey humble_coder.key \
-out humble_coder.p12And I send p12 by email... Any idea?Sorry - don't know enough about the "correct" params needed for a hand-crafted cert. And who knows - iOS may not like a self-signed cert.
I have opened a Radar bug (my public key won't get attached to outgoing emails) - we'll see what the devs say about this.
Hi,
if it's still interesting for you:
It seems, that you have to remove your account settings for your email provider, restart the ios device and install the email configuration again (don't forget to activate s/mime for that account).
In my case, the following params to create a new key and csr file runs perfectly in mail for mac os and iPhone/iPad:
openssl genrsa -out myKeyName.key -des3 4096
openssl req -new -key myKeyName.key -out myCsrName.csr
Then send the csr to the CA (i.e. startssl) and copy the crt-file from the CA into the directory with your key. After that, you can create the p12-file:
openssl pkcs12 -export -in nameOfCrtFile.crt -inkey myKeyName.key -out myOutFile.p12
After that, you can double click the p12-file in mac os, so that you can sign mails with Mail and you can send the p12-file to yourself and open it with the ios device (see above: remove mail settings, restart ios device, reconfigure mail setting with s/mime).
Hope it helps
s/mime and oppenssl
