Signing Exchange E-Mail on the iPhone 7 / 6 / 5 or iPad

Quick walkthrough for setting up signed outgoing e-mails on the iPhone / iPad

Scenario: You have a free E-Mail signing certificate such as the one from Comodo, you’ve set it up on your desktop/laptop e-mail, but you also send a lot of mail from your iPhone / iPad too.

There are two steps to getting signed mail working on the iPhone.

Step 1: Install your certificate and Private Key onto the iPhone using the ‘Apple Configurator version 2’.

Download the ‘apple configurator 2’ from the App Store onto your mac.
(This is a tool from apple that lets you create profiles and roll-out changes such as certificates to your iPhones/iPads/AppleTV’s.

Open it.

Goto File > new profile.

A new profile window appears, In the general tab, give the profile a name as below:

screen-shot-2016-11-03-at-03-28-16

Then, go into your mac key store (The app is called ‘keychain access’). Goto certificates, you should find your imported Comodo cert listed with your e-mail address as the title as below:

screen-shot-2016-11-03-at-03-29-23

Right click your mail certificate and chose export.

This will export your Certificate and Private key into one ‘.p12. file. You’ll be prompted to protect the exported certificate with a new password. (Don’t leave it blank. You’ll only need the password once in about a minutes time, so may as well make it strong!).

screen-shot-2016-11-03-at-03-29-51

screen-shot-2016-11-03-at-03-30-14

Now you should have a ‘.p12’ file in your documents. Yes? Good.

Back to the Apple Configurator Profile screen.. Click on the ‘Certificates’ section on the Left and click the ‘Configure’ Button. You will be prompted to add a certificate, use the finder window that appears to find and select your new .P12 file.

screen-shot-2016-11-03-at-03-32-09

You will then need to give the Profile the password you just used for the P12 export. Type it in the ‘password:’ field, you’ll know if it’s right as the window will change from showing this:

screen-shot-2016-11-03-at-03-32-25

To this:

screen-shot-2016-11-03-at-03-32-36

Thats it! We can now save this profile and add it to our iPhone/iPad.

Save it by clicking the title at the top of the profile window and give it a name. Mine saved in my iCloud drive, this is fine.

screen-shot-2016-11-03-at-03-32-56

Now, plug your phone into your Mac via USB. It will appear in the ‘Apple Configurator 2’ Main window.

screen-shot-2016-11-03-at-03-35-13

 

 

Right click it, chose Add > Profile. Then select our new .mobileconfig file we’ve just saved.

 

screen-shot-2016-11-03-at-03-35-31

screen-shot-2016-11-03-at-03-35-46

Then, follow the instructions on the Mac and on your iPhone to install the certificate.. The iPhone will need your iPhone password and warn you the ‘Profile is unsigned’. This is fine.

Once done, you can unplug your phone from your Mac, you’re ready for step 2…

Step 2: Turn S/MIME E-Mail signing on within your iPhone settings and select the certificate you just uploaded.

This is the easy bit.

On your phone. Go into settings > Mail.

Chose ‘Accounts’, then select the account the certificate is for (Mine is my Exchange account).

Then, select the ‘Account your@email.com’ line at the top of the screen to drill into that accounts’ settings…

img_3145

From here, Click ‘Advanced Settings’.

Finally, in Advanced settings, turn ‘SMIME’ to on. Then click on the new option ‘Sign’.

img_3146

Turn the sign setting on, you’ll be asked to chose a certificate. The one from the profile we uploaded should be listed for you to select, as below:

img_3147

Thats it, your e-mails should now be sent signed!

Matt

Google Nexus 4 Smartphone

I was going to write about the new Nexus 4 i’ve finally managed to get my hands on, and why, after many years of my mobile phones all having names beginning with ‘i’, I’m actually finding this new android device hard to fault…

But this guy pretty much 100% summaries my thoughts for me, right down to why previous attempts for me running android have failed.. and therefore saves me the trouble! Worth a read, whichever side of the fence you are on!

http://gizmodo.com/5973073/an-iphone-lovers-confession-i-switched-to-the-nexus-4-completely

 

It used to just be paperwork that took time to work out!

So the delivery of a new corporate laptop this week got me thinking;

It’s much more powerful, portable and generally nicer than anything I own and the fact of the matter is; if I’m near a computer for five out of the seven days every week, it’s going to be this one.

This ties into my last post about BYOD and staff ‘bringing their own data’. This works backwards to corporate-supplied devices too;

BYOD is currently, lets be honest, only really bringing your own ‘addon’ devices, and not your full digital working requirement.

BYODv2 in my mind will be where users fully bring every bit of local compute power they need to work, maybe minus the clutter/heavyness of standard peripherals such as screens and keyboards, instead have a uniform, wireless dock interface.

So for as long as there are corporate laptops, which their users are more likely to have on them than any personal laptop for a massive percentage of their weekly lives, there will always be remnants of their own personal data from lunchtimes, weekends, corporate travel, after works etc.

I digress, back to MY new shiny corporate laptop;

  • I needed a kick to get all my data, which is currently spread everywhere into some semblance of order and peace of mind over backups etc.
  • I hate always being on the wrong device for what I’m looking for (ooh, I took that photo on my iPhone, not my laptop/tablet/Nexus 4/Tomorrows device number seventy six and a half).
  • I don’t like having to swap between personal/corp equipment, especially now the corp laptop is actually much more powerful than my own!

Turns out, this isn’t something I should have thought about, as while the cloud solves some of these data-everywhere questions, it also opens up a lot more choice, ie a lot more questions on howto go about all this, it’s amazing just how many branches you end up with in your mind when you try and tackle that which, on the face of it, is a simple ‘get to my data on my devices’ question.

Even without going into all the corporate access stuff, my personal digital life and (more to the point) access to it, created this monstrosity, can you do any worse? Have you had the same thoughts and come up with a solution that works well? Do you want to talk to me about cool ideas for BYODv2 above? Comment or e-mail.

-Matt

Mind Map of how to get to my data on all my devices
Oh dear, it’s 3AM again

With ‘Bring your Own Device’ will come ‘Bring your Own Data’

A friend put me on to http://owncloud.org/, which despite it’s awful naming (oooh cloud! That’s new and good isnt it? snore!) is an open source implementation of some of Apples iCloud featureset (from what I can see) which can be hosted anywhere you want.

At first I was about to hit download, as a techy, running my own things in my own VM’s or somewhere I control the data security, backups etc, makes me feel a bit better; but then I realized something which I think a lot of people will realize, techy or not;

I’m already using my own Phone/Tablet for both work and for personal. My corporate dropbox/exchange/data stores will be much better backed up (one would hope) than anything I’m going to run locally and probably better than any very cheap consumer-level ‘cloud’ data stores; and even if not it doesn’t cost me anything.

… I’ll just backup/store my contacts/calendar/photo’s on there.

If you’re encouraging people to Bring their Own Devices to into your corporate infrastructure, don’t be surprised if they bring some personal data too. Expect ‘Personal’ or ‘Private’ or ‘NonWork’ directories to start appearing in users dropboxes, expect groups of contacts named ‘personal’ so they can filter them on their phone when they are not working. Have you capacity planned for this when thinking about BYOD?

For the record, I don’t think it’s such a bad thing and I think taking a hardline stance against this will slow down BYOD adoption; the company is making savings on client endpoints, the users therefore must feel it is ‘worth’ tying their own devices into a possibly restrictive corporate policy.

Just my 10p
Keep the change!