Importing and using your Email or Personal Authentication certificate with iOS



This document explains how you can import, configure and use your CPAC/Email on iOS devices such as the iPhone and iPad.

If you originally downloaded your certificate to your desktop or laptop then you first need to export it using one of the browsers listed on the CPAC main page. When doing this, please make sure you export the private key and include all certificates in the certificate path if possible. You must also specify a strong password to protect the certificate file.

Once exported you can email the certificate file to your iOS device or transfer it in some other manner (for example, copy to a USB drive or upload then download from online storage).

Importing your certificate into iPhone/iPad:

  1. Locate and open the .p12 file that contains the certificate you wish to import.

    Tap the Install button to begin the certificate import wizard.

  2. Select Install Now then enter the password you set up for the certificate when it was exported.

  3. After your password is accepted, iOS will automatically import your certificate. You should see a confirmation dialog similar the one shown below.

  4. Tap Done to exit the wizard.

This certificate can now be used to digitally sign and encrypt your emails and/or authenticate your identity. Next, you need to assign your certificate to your email account.

Enable S/MIME for your mail account:

  1. Open iOS Settings then open Mail, Contacts, Calendars

  2. Open the mail account that matches your certificate and open its 'Advanced' settings.

    The location of the 'Advanced' row may vary between versions of iOS.

  3. On the advanced settings page, scroll down to S/MIME and turn it ON. Doing so will reveal the Sign and Encrypt options:

Background information:

Signing authenticates and attests to the integrity of your mail by ensuring the recipient knows the email has come from you and by alerting them if the mail has been modified since the time you sent it.

Encryption ensures the privacy of your mail by ensuring that only the recipient can decipher and view the email content. In order to encrypt email you must have the recipient's digital certificate installed on your device and their certificate must be assigned to the relevant entry in your address book

Enable signing and encryption

Note - enabling the Sign/Encrypt options here will apply the action to all outbound emails from this account. Messages cannot be signed/encrypted on a per-message basis.

To digitally sign mail:

  1. Once S/MIME is activated, tap Sign.

  2. Slide the Sign switch to ON.

  3. Your certificate will likely already be selected with a check-mark next to it. If you have multiple certificates installed, choose the appropriate one.

To encrypt mail:

  1. Once S/MIME is activated, tap Encrypt.

  2. Slide the Encrypt switch to ON.

  3. Your certificate will likely already be selected with a check-mark next to it. If you have multiple certificates installed, choose the appropriate one.

Note: If encryption is enabled, it is advisable to enable signing also so that new recipients can obtain your public key and send encrypted mails to you.

Contact an Expert

Contact us for consultation on your security needs.


Contact an expert