Internal - Enabling Client Certificates for iOS Mail

August 9, 2018

Installing the S/MIME Certificate on your iOS Device
When you receive your certificate from InCommon, it will be encrypted in the PKCS #12 format (.p12 or .pfx), using the PIN you created for it at the time of request. You will need this PIN to install the certificate.

To use Client Certificates on an iPhone, iPad, or iPod Touch, iOS 5 or later is required.

You should already have your certificate file from InCommon on your personal computer. If you are unable to find your certificate file, you can export it from the certificate management application for your computer.

Installing on iOS devices

  1. Install the "InCommon Standard Assurance Client CA" certificate on your iOS device; this allows your own certificate to appear as "Trusted":
     1. On your iOS device, go to: http://cert.incommon.org/InCommonStandardAssuranceClientCA.crt
     2. On the Install Profile screen, you will see the "Trusted" certificate file to install. Tap Install.
     3. A notice will inform you that installing this profile will change settings on your device; tap "Install Now".
     4. If prompted, enter your device passcode. Tap "Done".
  2. From your computer, send yourself an email message with your certificate.p12 or certificate.pfx file as an attachment.
  3. On your iOS device, open the email message. Tap the attached file to start the installation.
  4. On the Install Profile screen, tap "Install".
  5. A notice will inform you that the unsigned profile will change settings on your device; tap "Install Now".
  6. If prompted, enter your device passcode. Enter the passphrase or PIN for your certificate, and tap "Next".

The next screen will indicate that the profile is "Trusted" and that it has been installed. If the certificate says "Not Trusted", you may not have successfully installed the "InCommon Standard Assurance Client CA" certificate above.
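
A check you can run on your computer before e-mailing the file, shown here as an added example that is not part of the original instructions: it confirms that the PIN opens the PKCS #12 file, that the certificate chains to a CA file you supply, and that it is valid for S/MIME signing. It assumes the `openssl` command-line tool is installed; the function names, the demo CA, the demo user and all file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a PKCS #12 file on your computer before mailing it
# to the iOS device. All file names, subjects and PINs here are constructed.

# check_p12 FILE PIN CA_PEM
# returns 0 = ok, 2 = wrong PIN/damaged file, 3 = not issued by CA_PEM,
# 4 = certificate not usable for S/MIME signing.
check_p12() {
  local p12="$1" pin="$2" ca="$3" leaf rc=0
  leaf=$(mktemp) || return 1
  # -nokeys keeps the private key inside the .p12; -clcerts = your cert only.
  # On OpenSSL 3, files encrypted with RC2 also need the -legacy option.
  if ! P12_PIN="$pin" openssl pkcs12 -in "$p12" -passin env:P12_PIN \
        -nokeys -clcerts -out "$leaf" 2>/dev/null; then
    echo "cannot open $p12: wrong PIN or damaged file" >&2; rc=2
  # Same question iOS answers with "Trusted" / "Not Trusted".
  elif ! openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1; then
    echo "certificate does not chain to $ca (or has expired)" >&2; rc=3
  elif ! openssl x509 -in "$leaf" -noout -purpose |
        grep -q '^S/MIME signing : Yes'; then
    echo "certificate is not valid for S/MIME signing" >&2; rc=4
  else
    openssl x509 -in "$leaf" -noout -subject -email -enddate
  fi
  rm -f "$leaf"
  return "$rc"
}

# make_demo DIR PIN: build a throwaway CA and user .p12 so the check can
# be tried without a real InCommon certificate.
make_demo() {
  local d="$1" pin="$2"
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=demo\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
  printf 'extendedKeyUsage=emailProtection\nsubjectAltName=email:user@example.edu\n' > "$d/leaf.ext"
  openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 2 \
    -subj '/CN=Constructed Demo Client CA' -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
  openssl req -new -config "$d/req.cnf" -newkey rsa:2048 -nodes \
    -subj '/CN=Demo User' -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/user.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/user.pem" 2>/dev/null &&
  openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.pem" \
    -passout "pass:$pin" -out "$d/demo.p12"
}
```

To check your own file, call `check_p12` with your .p12 file, your PIN, and the CA certificate converted to PEM; the `.crt` download may be in DER form, in which case convert it first with `openssl x509 -inform DER`.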

Enabling Client Certificates for iOS Mail
Enabling these options will allow you to digitally sign all e-mail sent from your device. You also have the option to send encrypted e-mail.

  1. Go to Settings, then scroll down to "Mail, Contacts, Calendars".
  2. Select your UI Exchange e-mail account associated with your Client Certificate.
  3. Tap the Account button with your University email address.
  4. On the Account screen, change the "S/MIME" setting to "ON". The "Sign" and "Encrypt" options are off by default.
     • To enable signing, tap "Sign", and then select your certificate. This will digitally sign every email you send from your university email account on this device.
     • To enable encryption, tap "Encrypt", and then select your certificate.

Note: The encryption option will attempt to encrypt all correspondence from your iOS device. If you do not have the public certificate for a recipient, the email message will not be encrypted. If you do not want to encrypt all email you send from your device, you should not enable encryption.
E-mail clients not using S/MIME or Client Certificates will not be able to view encrypted e-mail. Clients that cannot use Client Certificates include OWA (Outlook Web Access/HawkMail) through Chrome, Firefox, and Safari; recipients who use one of these clients will be unable to view encrypted e-mail. All e-mail clients can view signed email.