If you need to import self-signed SSL certificates into your Apple iPhone, you may get the cryptic error message: "Invalid Profile - Profile format not recognized"
Apparently, the iPhone doesn't understand the usual PEM (Privacy-Enhanced Mail) certificates format, which is Base64 encoded. It needs the binary DER (Distinguished Encoding Rules) format. Therefore, you will need to convert your existing PEM or self-signed SSL certificate .crt files into the binary DER format recognized by the iPhone.
One method of conversion, is using OpenSSL (www.openssl.org
) which is an open source tool-kit. For Windows users, see the OpenSSL for Windows site at gnuwin32.sourceforge.net
Example OpenSSL command to convert a .crt file:
openssl x509 -in $infile -inform PEM -out $outfile -outform DER
(Adjust the $infile and $outfile variables for your file names)
Example OpenSSL for Windows to convert a .crt file (the syntax for cmd.exe):
openssl x509 -in %infile% -inform PEM -out %outfile% -outform DER
You probably want to import both your CA (certificate authority) certificate and your server certificate (for example, your mail server's certificate), so convert both and attach them to an email you send to your iPhone. Or you can put them on a web server and use Safari to get them from there (editor's note: this comes in handy considering in most cases the SSL certificates are being installed for your mail server and as such means you can't access email until the certificates are installed; therefore, sending an email will not work
). Once you have them on the phone, you should be able to just double-click to install them (editor's note: on the new iPhone, I found that the Exchange set-up automatically pulled the CA/server certificates from the HTTPS OMA - Outlook Mobile Access - website also thus making life a little easier