ARCHIVED: Use digital signatures for email on iOS devices
On this page:
- Before you begin
- Install on iOS
- Use client certificates in iOS Mail
- Use a group account certificate
- Disable your certificate
Before you begin
To view all the content available to you here, use the green log into the Knowledge Base.
button at the top of this page toDue to enhanced security features in Exchange Online, digital signatures are no longer required at IU; however, digital signatures will continue to work as expected if you wish to continue using them.
At Indiana University, you can use ARCHIVED: S/MIME client certificates from the InCommon Certificate Service to digitally sign and/or ARCHIVED: encrypt email messages. For instructions on getting a client certificate, see ARCHIVED: Get an S/MIME client certificate for digital email signatures at IU. For information about potential issues affecting various applications and devices, see ARCHIVED: Known issues with using S/MIME client certificates to digitally sign or encrypt email at IU.
When you receive your client certificate from InCommon, it will be encrypted in the PKCS 12 format (.p12
or .pfx
), using the strong passphrase ("PIN") you created for it at the time of request. You will need this passphrase to install the certificate.
To use S/MIME client certificates on an iPhone, iPad, or iPod touch, iOS 5.1 or later is required.
You should already have your certificate file from InCommon on your personal computer. If you are unable to find your certificate file, you can export it from the certificate management application for your computer. For export instructions, see ARCHIVED: Use digital signatures for email with Apple Mail and Outlook for macOS or Disable your client certificate.
View a video about using digital signatures on iOS devices.
Install on iOS
- Install the "InCommon RSA Standard Assurance Client CA" certificate on your iOS device; this allows your own certificate to appear as "Verified":
- On your iOS device, use Safari to go to the site below and install the certificate:
http://cert.incommon.org/InCommonRSAStandardAssuranceClientCA.crt
- On the "Install Profile" screen, you will see the "Verified" certificate file to install. Tap .
- If you are using Touch ID or have a passcode set up, you'll have to verify that to proceed. You may also see a notice informing you that installing the profile will change settings on your device. Tap when you're given the option.
- Tap .
- On your iOS device, use Safari to go to the site below and install the certificate:
- From your computer, send yourself an email message with your certificate file as an attachment; it will be either a
.p12
or.pfx
file. - On your iOS device, open the email message. Tap the attached file to start the installation.
- On the "Install Profile" screen, tap .
- If you are using Touch ID or have a passcode set up, you'll have to verify that to proceed. You may also see a notice informing you that installing the profile will change settings on your device. Tap when you're given the option.
- You may see a warning that the profile is not signed, but tap and then again.
- When prompted, enter the passphrase ("PIN") created when exporting the certificate. Tap , and then .
To check your profile, open the Settings app, then tap
, followed by . The certificate should have your name, and it should be checked as "Verified". If it's not, you may not have successfully installed the "InCommon Standard Assurance Client CA" certificate above.Use client certificates in iOS Mail
Enabling these options will allow you to digitally sign all email sent from your device. You also have the option to send encrypted email.
- Access your account settings:
- iOS 14: Go to .
- iOS 12 and 13: Go to .
- iOS 11: Go to .
- Earlier versions: Go to .
- Select the email account associated with your certificate.
- Tap the button with your IU email address.
- On the "Account" screen, tap
- To enable digital signing, tap , and then slide "Sign" to the on position. If your name is listed more than once under "Certificates", then you have installed multiple certificates on this device. Ensure the checkmark is next to the certificate with the most distant expiration date; to verify, tap the right arrow to view the certificate details.
- The encryption option will attempt to encrypt all correspondence from your device. If you do not have the public certificate for a recipient, the email message will not be encrypted.
To enable encryption, tap
, then slide "Encrypt by Default" to the on position. Make sure there's a check mark next to your name under "Certificates". If you do not want to encrypt all email you send from your device, do not enable encryption.Important:Email clients not using S/MIME client certificates will not be able to view encrypted email. Clients that cannot use S/MIME client certificates include Outlook on the web through any browser except Edge on Windows; recipients who use one of these clients will be unable to view encrypted email. However, all mail clients can view digitally signed email.
, then switch the "S/MIME" setting on. The "Sign" and "Encrypt" options are off by default.
- Tap .
- On the "Advanced Settings" page, tap to go back to the "Account" page.
- Tap to apply the settings.
Use a group account certificate
To use an S/MIME client certificate with a group account, install and enable the certificate as you would for a standard account.
- If the profile you are using in your email client is the group account, there should be no issues.
- If the profile you are using in your email client is your personal account and you want to send email from the group account, in your email message, open the "From" field and enter the group account address. If your personal account has "send as" rights for the group account, there should be no issues. If you are unsure whether you have "send as" rights, contact your IT Pro.
Disable your certificate
- Access your account settings:
- iOS 14: Go to .
- iOS 12 and 13: Go to .
- iOS 11: Go to .
- Earlier versions: Go to .
- Select the email account associated with your certificate.
- Tap the button with your IU email address.
- On the "Account" screen, tap .
- Tap , and then slide "Sign" to the off position.
- On the "Sign" page, tap to go back to the "Advanced Settings" page.
- On the "Advanced Settings" page, tap to go back to the "Account" page.
- Tap to apply the settings.
This is document bcsu in the Knowledge Base.
Last modified on 2023-05-18 10:28:24.