Signing Exchange E-Mail on the iPhone 7 / 6 / 5 or iPad

Quick walkthrough for setting up signed outgoing e-mails on the iPhone / iPad

Scenario: You have a free E-Mail signing certificate such as the one from Comodo, you’ve set it up on your desktop/laptop e-mail, but you also send a lot of mail from your iPhone / iPad too.

There are two steps to getting signed mail working on the iPhone.

Step 1: Install your certificate and Private Key onto the iPhone using the ‘Apple Configurator version 2’.

Download the ‘apple configurator 2’ from the App Store onto your mac.
(This is a tool from apple that lets you create profiles and roll-out changes such as certificates to your iPhones/iPads/AppleTV’s.

Open it.

Goto File > new profile.

A new profile window appears, In the general tab, give the profile a name as below:

screen-shot-2016-11-03-at-03-28-16

Then, go into your mac key store (The app is called ‘keychain access’). Goto certificates, you should find your imported Comodo cert listed with your e-mail address as the title as below:

screen-shot-2016-11-03-at-03-29-23

Right click your mail certificate and chose export.

This will export your Certificate and Private key into one ‘.p12. file. You’ll be prompted to protect the exported certificate with a new password. (Don’t leave it blank. You’ll only need the password once in about a minutes time, so may as well make it strong!).

screen-shot-2016-11-03-at-03-29-51

screen-shot-2016-11-03-at-03-30-14

Now you should have a ‘.p12’ file in your documents. Yes? Good.

Back to the Apple Configurator Profile screen.. Click on the ‘Certificates’ section on the Left and click the ‘Configure’ Button. You will be prompted to add a certificate, use the finder window that appears to find and select your new .P12 file.

screen-shot-2016-11-03-at-03-32-09

You will then need to give the Profile the password you just used for the P12 export. Type it in the ‘password:’ field, you’ll know if it’s right as the window will change from showing this:

screen-shot-2016-11-03-at-03-32-25

To this:

screen-shot-2016-11-03-at-03-32-36

Thats it! We can now save this profile and add it to our iPhone/iPad.

Save it by clicking the title at the top of the profile window and give it a name. Mine saved in my iCloud drive, this is fine.

screen-shot-2016-11-03-at-03-32-56

Now, plug your phone into your Mac via USB. It will appear in the ‘Apple Configurator 2’ Main window.

screen-shot-2016-11-03-at-03-35-13

 

 

Right click it, chose Add > Profile. Then select our new .mobileconfig file we’ve just saved.

 

screen-shot-2016-11-03-at-03-35-31

screen-shot-2016-11-03-at-03-35-46

Then, follow the instructions on the Mac and on your iPhone to install the certificate.. The iPhone will need your iPhone password and warn you the ‘Profile is unsigned’. This is fine.

Once done, you can unplug your phone from your Mac, you’re ready for step 2…

Step 2: Turn S/MIME E-Mail signing on within your iPhone settings and select the certificate you just uploaded.

This is the easy bit.

On your phone. Go into settings > Mail.

Chose ‘Accounts’, then select the account the certificate is for (Mine is my Exchange account).

Then, select the ‘Account your@email.com’ line at the top of the screen to drill into that accounts’ settings…

img_3145

From here, Click ‘Advanced Settings’.

Finally, in Advanced settings, turn ‘SMIME’ to on. Then click on the new option ‘Sign’.

img_3146

Turn the sign setting on, you’ll be asked to chose a certificate. The one from the profile we uploaded should be listed for you to select, as below:

img_3147

Thats it, your e-mails should now be sent signed!

Matt

Lacking Something?.. It’s always customer service.

n So, it turns out i’m one of the lucky 46,524 ElReg (The Register) readers who has had their e-mail address spammed to a few thousand people… who have in turn, kindly placed it on PasteBin, random torrent sites, many forums, the side of the moon with a laser and other such annoying places!

And yet, i’m not that annoyed!

Here’s why… and I think in this day and age of everyone worrying about every bit of data, it’s important;

1. I’m called Matt and my blog is at www.matt-j.co.uk. Is it really that hard for a targeted phishing attack to work out an e-mail address in the first place?

2. It’s the register, a website that takes pride in highlighting technical cockups, basterdisations, IT Fo Pah’s and Comical! Yahoo! Related! Exclamation! Mark! Frenzy! Issues! before they’ve even sat down for the morning caffeine…. So no matter how annoyed we are all individually feeling, I’m pretty sure as an organization they’ll be feeling ten times worse for being beaten at their own game.

3. Did I mention it’s the register? I’m finding it quite hard (Maybe a psychologist wants to tell me why) to get annoyed with such an instutution within the industry, somewhere that generally gives you a good morning roundup of crap you need to concern your little head with.

But mainly because (and this is the important bit I was talking about at the beginning, the rest was just to test your stamina and determination!)…
They owned up, instantly, in an e-mail to everyone affected, disclosing figures that are far too un-rounded to be made up!

Yes, I think that’s it… Look at the recent Blackberry incident, it wasn’t that the service was down, it was that no-one from blackberry would give any of the circling vultures a single word for hours, even as speculation grew, nothing, twitter messages a-plenty… nothing! THAT’S the problem.

So ElReg, as much as you’ve amassed a million cocks to put yourself (and my e-mail address) in such a bastardy situation, it’s not going to stop me reading your news in a morning, fair play for making a hard decision.

And everyone else, I don’t claim to know much about business, but if you’re sucking at an all time low when competitors around you selling exactly the same service/product/moon etching laser are doing well, you may want to look at becoming more open and transparent with your customers.

Just my 10p, keep the change!

Matt