Adding CA Cert root and personal certificates to your iPhone, iPod or iPad

The only requirement to add certificates to your iOS device is that it MUST be running iOS 5.0 or later.

  1. Go to the CACert website (https://www.cacert.org/) using Internet Explorer

  2. Click the ROOT CERTIFICATE link in the menu on the right (https://www.cacert.org/index.php?id=3)

  3. Install the Class 1 PKI Key using the PEM format
  4. Install the Class 3 PKI Key using the PEM format
  5. Log in to the CACert site
  6. Expand the CLIENT CERTIFICATES menu and select NEW
  7. Add your email address, sign by class 1 root certificate, select your name, enable login using the certificate, and select the single sign-on if desired.
  8. Click NEXT
  9. Select Microsoft Strong Cryptographic Provider and click CREATE CERTIFICATE
  10. Install certificate in the PERSONAL store inside Internet Explorer. DO NOT let the installer pick the "right" location for you!
  11. Download and install the iPhone Configuration Utility (Mac or Windows) from the Apple Enterprise Support page (http://www.apple.com/support/iphone/enterprise/)

  12. Run the iPhone Configuration Utility
  13. Select CONFIGURATION PROFILES on the left 1.jpg

  14. Click the NEW button at the top
  15. Select the GENERAL page
  16. Provide a name in the IDENTIFIER box. This is only a label but must be unique if you make more than one profile. 3.jpg

  17. Scroll the pages menu and click on the CREDENTIALS page 4.jpg

  18. Click CONFIGURE
  19. Pick the CACert certificate called "CA Cert Signing Authority" and click OK. This is the Class 1 certificate. 5.jpg

  20. Click the + to the right of the CREDENTIAL title to allow adding another certificate. 6.jpg

  21. Pick the CACert certificate called "CA Cert Class 3 Root" and click OK. This is the Class 3 certificate. 7.jpg

  22. Click the + to the right of the CREDENTIAL title to allow adding another certificate. 8.jpg

  23. Pick your personal email certificate and click OK. 9.jpg

  24. When prompted, enter and verify the password you want to use to secure your personal certificate. Remember what you make up as you will need it later. 10.jpg

  25. You will see your personal certificate listed now. 11.jpg

  26. Now you need to add your Email account information. These instructions include an Exchange account. Click the EXCHANGE ACTIVESYNC page. 14.jpg

  27. Click CONFIGURE 15.jpg

  28. Change the account name if you like. Enter the exchange server name, like mail.domain.com 16.jpg

  29. Check USE S/MIME
  30. Select your personal certificate from the pick list for SIGNING CERTIFICATE if you want to sign emails (note: ALL emails will be signed)
  31. Select your personal certificate from the pick list for ENCRYPTION CERTIFICATE if you want to encrypt emails (note: ALL emails will be encrypted)
  32. Enter the user ID, email address and password
  33. Select number of days to sync
  34. Now you need to send this to your phone. You can export the profile and get it on the iPhone, iPod, or iPad through iCloud, Dropbox, etc. or email it to yourself. Click FILE and then either EXPORT or EMAIL
  35. Ensure SIGN CONFIGURATION PROFILE is selected and click EXPORT or SHARE depending on whether you are exporting or emailing the file. 12.jpg

  36. Once you have the profile on your iOS device, open it. 13.jpg

  37. It may say VERIFIED or NOT VERIFIED. Either way, click INSTALL
  38. You will be asked for your device PIN. If you don't have one set, you will have to make one.
  39. Once installed you are finished! Every email you send with this mail account will be signed and/or encrypted, depending on how you set the ActiveSync portion of the profile.

If you want to undo the profile on your iOS device:

  1. Open SETTINGS -> GENERAL -> PROFILE

  2. If you have only one profile it will open automatically. If you have more than one you need to select the one you want to delete from the list.
  3. Click REMOVE
  4. Click REMOVE
  5. Enter your PIN when prompted

Using the iPhone Configuration Utility you can set up a lot more than just certificates. You can configure WiFi connections, VPN, restrictions, and a lot more. Play around with it and see how easy it is to use to configure your iOS device. But if you want to reinstall a profile after you make changes, you must delete the old one from the iOS device and get the new profile back on it and install it.


CategoryCommunity

Technology/TechnicalSupport/EndUserSupport/OperatingSystems/iOS (last edited 2012-11-11 18:52:34 by MichaelTänzer)