iPhone Certificates

Today I was worrying how to get my own CA’s root certificate AND a certificate signed by my own CA into my iPhone.

After reading lots of stuff I finally made it:

First, send an email containing your CA’s root certificate (the .crt file) to an address which you will receive on your iPhone. Open this mail, click onto the attachment – and voila, you will be asked to install that Certificate. Do it 🙂

Your “Identity” – which consists of your client’s .crt and .key files need to be converted into a single PKCS12 .p12 file to be understood by the iPhone.

This conversion can be done by the following command (taken from http://shib.kuleuven.be/docs/ssl_commands.shtml):

openssl pkcs12 -export -in your_iphone_s.crt -inkey your_iphone_s.key -out your_iphone_s.p12 -name “name_of_your_iphone” -CAfile your_ca_s.crt -caname “your_ca_s_name” -chain

You will be asked for an export password which will protect your identity during transmission via email later. If your_iphone_s.key is protected with a password you will probably be asked for that one, too – but this was not the case with my file, so I cannot tell you.

Again, mail the resulting your_iphone_s.p12 to an address which you will receive on your iPhone. Open this mail, click onto the attachment – and voila, you will be asked to install that PKCS12 identity. Do it 🙂

You will be asked for the export password which you entered when creating the .p12 file.