Setting up your certificate on the iPhone

The mail app on iPhone also supports digital signatures and e-mail encryption.

Certificates are called "profiles" here.

 

 

Load Chain of Trust

To use your personal certificate, you must first download the individual certificates of the "chain of trust", which are those of the certification authorities, to the device.

To do this, go to this website with your iPhone's Safari browser and click on the links below to install the "profiles".

 

new, generation 2

  1. T-TeleSec GlobalRoot Class 2 (Telekom Root CA G2)
  2. DFN PCA G2
  3. DFN PCA Global 2 Issuing CA (HZB-CA)

to verify older certificates, generation 1

  1. Certificate of Telekom-Root-CA
  2. DFN-PCA-Zertifikat
  3. Certificate of HZB CA

The first of these certificates, the root certificate, may be the only one that appears as "untrusted" because it doesn't have a parent certificate.

 

Loading your personal certificate

Now download your personal certificate to your iPhone. To do this, the certificate including the private key must be available in a file of the file type .p12.

You can obtain this file, for example, by exporting it from the browser you installed your certificate with for the first time or by exporting it from a mail program, e.g. Thunderbird, where the certificate is installed.

Export from Firefox or Thunderbird:

Tools/Edit -> Settings -> Advanced -> "Certificates" tab -> Show certificates -> "Your certificates" tab -> Mark your certificate and "Save...".

Export from Internet Explorer:

Tools (the wheel icon) -> Internet Options -> "Contents" tab -> Certificates -> Mark your certificate and "Export...". Make sure you checkmark "Yes, export private key". For this reason, you must also assign a password that you will need again for subsequent import.

Export from Outlook:

File -> Options -> Trust Center -> Settings for the Trust Center... E-Mail Security -> Import/Export... -> "Export digital ID (=your certificate) to a file -> select your certificate, a file name (type.p12) and a password to protect your secret key, that you therefor will need later for the import.

E-mail this file to yourself and open the e-mail on your iPhone. Open the attachment and you can install the certificate (profile) directly.

 

Profiles (certificates) already installed on the iPhone can be viewed in the settings under "General" -> "Profiles".

They are still needed to decrypt older e-mails.

 

Assign the installed certificate to your mail account

If your certificate is installed, you must now assign it to the mail account to be able to use it.

You do this in the settings for the mail account (Settings -> Accounts & Passwords). Here select your configured HZB mail account and go to the account settings by clicking "Account" and then "Advanced settings" at the very bottom. Switch on "S/MIME" and "Sign". Make sure that the correct certificate is checked if you have several. From now on, every outgoing e-mail sent from this device will be signed.

 

Of course, you could also set every e-mail to be encrypted by default, but this is only possible here in the central settings and unfortunately not for each e-mail individually and you won't have an encryption certificate from each of your mail partners.