import self-signed certificates into iPhone

If you need to import self-signed SSL certificates into your Apple iPhone, you may get the cryptic error message: "Invalid Profile - Profile format not recognized".

Apparently, the iPhone doesn't understand the usual PEM (Privacy-Enhanced Mail) certificate format, which is Base64 encoded. It needs the binary DER (Distinguished Encoding Rules) format. Therefore, you will need to convert your existing PEM or self-signed SSL certificate .crt files into the binary DER format recognized by the iPhone.

One method of conversion is to use OpenSSL (www.openssl.org), an open-source toolkit. For Windows users, see the OpenSSL for Windows site at gnuwin32.sourceforge.net for the download.

Example OpenSSL command to convert a .crt file:
infile=cacert.crt
outfile=cacert.der
openssl x509 -in "$infile" -inform PEM -out "$outfile" -outform DER


(Adjust the $infile and $outfile variables for your file names)
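
An added example, not part of the original article: a shell wrapper around the conversion command above that refuses any file that is not a single PEM certificate and checks that the DER output has the same SHA-256 fingerprint as the PEM input. The function names, the sample file names and the CN mail.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example: convert PEM -> DER and confirm the certificate is unchanged.

# Print the SHA-256 fingerprint of a certificate file.
# usage: cert_fp FILE PEM|DER
cert_fp() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# usage: pem_to_der_checked IN.crt OUT.der   (prints the fingerprint on success)
pem_to_der_checked() {
    infile=$1; outfile=$2
    # openssl x509 reads only the first certificate in a file, so insist on
    # exactly one PEM certificate block; this also rejects keys and DER input.
    n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$infile" || true)
    if [ "$n" != 1 ]; then
        echo "error: $infile must hold exactly one PEM certificate" >&2
        return 1
    fi
    openssl x509 -in "$infile" -inform PEM -out "$outfile" -outform DER || return 1
    fp_in=$(cert_fp "$infile" PEM)
    fp_out=$(cert_fp "$outfile" DER)
    # The DER file must decode to the same certificate as the PEM input.
    if [ -z "$fp_in" ] || [ "$fp_in" != "$fp_out" ]; then
        echo "error: fingerprint mismatch after conversion" >&2
        return 1
    fi
    echo "$fp_out"
}

# Constructed sample input: a throwaway self-signed certificate with a
# hypothetical name, so the example runs without any real certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.test" \
        -keyout "$1/sample.key" -out "$1/cacert.crt" 2>/dev/null
}

# Demo: build the sample, convert it, print the verified fingerprint.
tmp=$(mktemp -d)
make_sample_cert "$tmp" && pem_to_der_checked "$tmp/cacert.crt" "$tmp/cacert.der"
rm -rf "$tmp"
```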

Example OpenSSL for Windows to convert a .crt file (the syntax for cmd.exe):
SET infile=cacert.crt
SET outfile=cacert.der
openssl x509 -in "%infile%" -inform PEM -out "%outfile%" -outform DER



You probably want to import both your CA (certificate authority) certificate and your server certificate (for example, your mail server's certificate), so convert both and attach them to an email you send to your iPhone. Or you can put them on a web server and use Safari to get them from there (editor's note: this comes in handy considering in most cases the SSL certificates are being installed for your mail server and as such means you can't access email until the certificates are installed; therefore, sending an email will not work). Once you have them on the phone, you should be able to just double-click to install them (editor's note: on the new iPhone, I found that the Exchange set-up automatically pulled the CA/server certificates from the HTTPS OMA - Outlook Mobile Access - website also, thus making life a little easier).