Page 2 – Encrypted Email Needs Certificates
To Start Encrypting Email With iOS Mail, You Need Your Certificates
That’s the beginning point, so let’s start there. This tutorial assumes you have already set up S/MIME signatures and encryption in Apple Mail for macOS Sierra. If you haven’t, follow this how-to first. Once that’s done, you need to copy your certificate file to a location that has Files access on iOS, such as your iCloud Drive.
Next, Install the Certificate to iOS
Now, you should open the Files app on iOS, and navigate to the folder in which you placed your S/MIME certificate. Tap the certificate, and you’ll get a message that your profile is downloaded. From there, go back to the Settings app, then tap on General. Tap Profiles, then tap the downloaded certificate.
Tap on Install in the upper right corner of the next window. You’ll be asked to enter your passcode, so go ahead and do so. On the following screen, you should tap Install once again.
A warning popup will appear, telling you the profile is unsigned. Ignore the warning (trust me), and tap Install in the top right corner. Now, enter the password from that final screen when you requested your S/MIME certificate and tap Next.
Next: Setting Up S/MIME on iOS
This article worked great for the Mail app in iOS 10.x, but then Apple released iOS 11 and blew everything up. It would be most helpful if an updated version of this article for iOS 11 couild be posted.
Thanks!
Many thanks for this article. It’s a great help for those of us who need to set up encrypted mail on iOS and can’t use Apple’s Configurator 2 utility to do it.
@khurt: The procedure described in the article above isn’t “doing it wrong”. It’s currently the only way that makes it possible to set up encrypted mail in iOS for anyone who is using anything other than macOS 10.12.2.
In my case, I’m in the middle of a project on my Mac Pro (running Yosemite 10.10.5) that will extend to December. Alas, thanks to the tyranny of the App Store, there is no version of Configurator available that will run in Yosemite. Configurator 2 is all that is available, and it runs only on macOS 10.12.2.
I have hundreds of apps and plugins, and disrupting my workflow with a new system installation in the middle of a project would be an idiotic move. No thanks. This article made it possible for me to set up encrypted mail on my iPad, despite Apple’s refusal to provide a version of Configurator that will work with a version of OS X that is (nominally) still supported.
Your’re doing it wrong. I wrote this in 2011 but it still works.
https://islandinthenet.com/ios-5-secure-mail/
Video how to configure S/MIME for free (and renewable) Fossa X.509 certificates either on Mac https://www.youtube.com/watch?v=Fyc5YW3BS0Y iOS https://www.youtube.com/watch?v=beQM4nLWGxs&t=49s and to exchange email with web Gmail.
@Scott B: You’re absolutely right. This really should just work, but it never has. Perhaps I’ll write an op-ed some day lamenting that fact …
@MrJosefKafka: Actually, there is such an article already. Check out my article, MacOS: Using Email Encryption in Apple’s Mail for a walkthrough.
Nice article for the geeks, but this highlights what is wrong with the system: could I get my father to follow along in order to send private messages in email?
Until someone comes up with a way for anyone to use encrypted email without having a computer science degree, it’s a kludge.
(I know… my inner curmudgeon is showing)
The cert goes into the System keychain, but then it propagates into the others 🙂
Oh, I see how to do it. 1) it does have to be in the Login keychain, 2) select the My Certificates category, and 3) twist down the triangle next to the certificate and select the key inside the certificate. That will export a p12 file. Oddly, once I’ve done this I can export directly from the certificate too.
@Jeff Butts: Thanks for the tip. 1) the instructions that you linked to suggest putting the cert in the System keychain, and 2) exporting from the Login keychain also does not allow p12 export.
@deh2k: Make sure you’re in the Login keychain, looking under My Certificates.
Nice piece. Thanks for putting it together. However the p12 file type export option is gray and unavailable on my Mac, so I’m stuck.
Thanks a great piece, would love to see a “how to” for Mac mail.
Thanks again