This document explains how to import, configure, and use your Personal Authentication Certificate / Email Certificate on an iOS device (such as an iPhone or iPad)

• Importing your certificate into iOS

• Enable S/MIME for your mail account

• Enable signing and encryption
  

If you have already collected the certificate on your desktop or laptop, you first need to export it into a PFX/P12 format from the original browser used to collect it. When doing this, make sure you export the private key and include all certificates in the certificate path if possible. You must also specify a strong password to protect the certificate file.

Once exported, you can email the certificate file to your iOS device or transfer it in some other manner (for example, copy to a USB drive or upload then download from online storage).

Importing your certificate into iPhone/iPad:

1. Locate and open the .p12 file that contains the certificate you wish to import.
   

   
   

   Tap the Install button to begin the certificate import wizard.

2. Select Install Now then enter the password you set up for the certificate when it was exported.
   

   
   
   

3. Once your password has been accepted, iOS will automatically import your certificate. You should see a confirmation dialog box, similar the one shown below.
   

   
   

4. Tap Done to exit the wizard.

This certificate can now be used to digitally sign and encrypt your emails and/or authenticate your identity. Next, you need to assign your certificate to your email account.

Enable S/MIME for your mail account:

1. Open iOS Settings then open Mail, Contacts, Calendars

2. Open the mail account that matches your certificate and open its Advanced settings.

   The location of the Advanced row may vary between versions of iOS.
   

   
   

3. On the advanced settings page, scroll down to S/MIME and turn it ON. Doing so will reveal the Sign and Encrypt options:
   

   
   

Background information:

• Signing authenticates and attests to the integrity of your email by ensuring the recipient knows the email has come from you and by alerting them if the email has been modified since the time you sent it.
• Encryption ensures the privacy of your email by ensuring that only the recipient can decipher and view the email content. In order to encrypt email you must have the recipient's digital certificate installed on your device and their certificate must be assigned to the relevant entry in your address book

Enable signing and encryption:

Note - enabling the Sign/Encrypt options here will apply the action to all outbound emails from this account. Messages cannot be signed/encrypted on a per-message basis.

To digitally sign email:

1. Once S/MIME is activated, tap Sign.
   

   
   

2. Slide the Sign switch to ON.

3. Your certificate will likely already be selected with a check-mark next to it. If you have multiple certificates installed, choose the appropriate one.

To encrypt email:

1. Once S/MIME is activated, tap Encrypt.
   

   
   

2. Slide the Encrypt switch to ON.

3. Your certificate will likely already be selected with a check-mark next to it. If you have multiple certificates installed, choose the appropriate one.

Note: If encryption is enabled, it is advisable to enable signing also so that new recipients can obtain your public key and send encrypted mails to you.