Class 1 VeriSign Digital ID S/MIME certificates not available for email signing

Originator: rsoderberg
Number: rdar://10330681
Date Originated: 23-Oct-2011 01:55 AM
Status: Open
Resolved:
Product: iPad
Product Version: iPad 2, iOS 5.0
Classification: Other Bug
Reproducible: Always
 
23-Oct-2011 01:55 AM Richard Soderberg:
Summary:

VeriSign sells S/MIME certificates for $20 USD per certificate, one per email address. The CN field is set to "Richard Soderberg" by their system and may not be modified by end users. The email field is set to, for example, "my@email.addre.ss" (without quotes). The account preferences UI says "No valid certificates found."

Steps to Reproduce:

Req'd: one computer with iTunes, one iPad 2 with a 4-digit pin code, one USB cable connected between previous with device shown and idle in iTunes.

1. Purchase a VeriSign personal S/MIME certificate for a given email address for $20 USD. The confirmation process requires a valid working email and Safari. It took me about 5 minutes to get a .p7s file, starting at https://www.verisign.com/digital-id/index.html

2. After completing the purchasing process and following the email steps, install the downloaded .p7s file using Keychain Utility on OS X. Get Info on the certificate and note the values for CN and email.

3. Export the new certificate to a "Certificate (*.cer)" file using Keychain Utility.

4. Install iPhone Configuration Utility. Create a new Configuration Profile. Select Email, Configure / +, and then select the previously-exported *.cer file.

5. Attach the iPad 2 via USB dock connector to a computer. (In my case, OS X 10.7.2, iTunes 10.5, Mac Pro (Early 2008) front connector.)  The device will appear as a new entry in the leftnav in iPhone Configuration Utility. Select the device, select the Configuration Profiles tab, and click (INSTALL) on the right side of the previously-created profile.

6. On the iPad 2, click (INSTALL) on the new S/MIME entry listed under Settings -> General -> Profiles. Enter the device pin code. Confirm that it shows green "VERIFIED" checkmark.

7. On the iPad 2, go to Settings -> Mail, Contacts, Calendars -> Account_Name -> Account: email@address -> S/MIME. Set S/MIME to (ON) and select Sign -> No. Attempt to enable signing by selecting a valid certificate.

Expected Results:

Certificates list shows "No valid certificates found." in gray text.

Actual Results:

Certificates list shows iPCU-installed S/MIME certificate.

Regression:

Notes:

OS X 10.7.2 Mail.app recognizes and uses the certificates automatically when imported.

Comments

Try loading a .p12 exported via Keychain Access

If you have loaded your email certificate into your Mac:

  1. remove any certificates from your iPad previously attempted
  2. run Keychain Access
  3. select “My Certificates” from the list on the left
  4. right-click your email certificate and choose “Export…”
  5. export as a .p12 file
  6. load that exported file into your iPad, via either Configuration Utility or another method (e.g. just emailing it to yourself)
  7. does the certificate show up in your Mail, Contacts and Calendars settings now?

I got my email cert from Comodo but the above is basically what worked for me when previously I tried the same process you did and that hadn’t been successful.

This seems incorrect to me. A .cer file is what you would need from me to be able to decrypt my encrypted messages to you. To sign an email you need an identity, which is a cert and a private key. I followed instructions from krypted.com's excellent S/MIME article except I'm using a free Comodo cert and it works flawlessly. No point in paying VeriSign, I'd trust street mimes more these days. Hell, might as well self-sign certs and link to a Google/DDG search on the person. Might as well use this nanny state .
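
The distinction the comments turn on (a .cer export carries only the certificate, while signing needs the certificate plus its private key, which a .p12 export carries) can be checked with OpenSSL. This is an added example, not part of the original report or its comments; the function names, subject and password are assumptions, and the identity is a throwaway generated on the spot.

```sh
#!/bin/sh
# Added example. Key material is generated on the spot (constructed sample
# data); the subject name and the password "example" are placeholders.

# Create a throwaway identity in DIR and export it both ways.
make_sample_exports() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Test User/emailAddress=user@example.test" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
  # "Certificate (*.cer)" style export: DER certificate, public material only.
  openssl x509 -in "$dir/cert.pem" -outform DER -out "$dir/export.cer" || return 1
  # .p12 export: certificate plus private key, protected by a password.
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout pass:example -out "$dir/export.p12" 2>/dev/null
}

# Print "identity" (certificate + private key), "certificate-only" or "unknown".
classify_export() {
  file=$1 pass=${2:-}
  if pem=$(openssl pkcs12 -in "$file" -passin "pass:$pass" -nodes 2>/dev/null); then
    case $pem in
      *"PRIVATE KEY"*) echo identity ;;
      *) echo certificate-only ;;
    esac
  elif openssl x509 -inform DER -in "$file" -passin "pass:$pass" -noout 2>/dev/null; then
    echo certificate-only
  else
    echo unknown
  fi
}

# Convert an export to PEM and try to S/MIME-sign a message with it.
# Returns 0 only when the file carries the private key.
can_sign_with() {
  file=$1 pass=${2:-}
  tmp=$(mktemp) || return 2
  openssl pkcs12 -in "$file" -passin "pass:$pass" -nodes -out "$tmp" 2>/dev/null ||
    openssl x509 -inform DER -in "$file" -out "$tmp" 2>/dev/null
  printf 'hello\n' | openssl smime -sign -signer "$tmp" -inkey "$tmp" >/dev/null 2>&1
  rc=$?; rm -f "$tmp"; return "$rc"
}

demo=$(mktemp -d) && make_sample_exports "$demo" &&
  for f in export.cer export.p12; do
    printf '%s: %s, ' "$f" "$(classify_export "$demo/$f" example)"
    can_sign_with "$demo/$f" example && echo "can sign" || echo "cannot sign"
  done
rm -rf "$demo"
```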

