<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

import self-signed certificates into iPhone

Published on
33,815 Points
27,615 Views
2 Endorsements
Last Modified:
Approved
If you need to import self-signed SSL certificates into your Apple iPhone, you may get the cryptic error message: "Invalid Profile - Profile format not recognized".

Apparently, the iPhone doesn't understand the usual PEM (Privacy-Enhanced Mail) certificates format, which is Base64 encoded. It needs the binary DER (Distinguished Encoding Rules) format.  Therefore, you will need to convert your existing PEM or self-signed SSL certificate .crt files into the binary DER format recognized by the iPhone.

One method of conversion, is using OpenSSL (www.openssl.org) which is an open source tool-kit.  For Windows users, see the OpenSSL for Windows site at gnuwin32.sourceforge.net for download.

Example OpenSSL command to convert a .crt file:
infile=cacert.crt
outfile=cacert.der
openssl x509 -in $infile -inform PEM -out $outfile -outform DER

Open in new window

(Adjust the $infile and $outfile variables for your file names)

Example OpenSSL for Windows to convert a .crt file (the syntax for cmd.exe):
SET infile=cacert.crt
SET outfile=cacert.der
openssl x509 -in %infile% -inform PEM -out %outfile% -outform DER

Open in new window


You probably want to import both your CA (certificate authority) certificate and your server certificate (for example, your mail server's certificate), so convert both and attach them to an email you send to your iPhone. Or you can put them on a web server and use Safari to get them from there (editor's note: this comes in handy considering in most cases the SSL certificates are being installed for your mail server and as such means you can't access email until the certificates are installed; therefore, sending an email will not work). Once you have them on the phone, you should be able to just double-click to install them (editor's note: on the new iPhone, I found that the Exchange set-up automatically pulled the CA/server certificates from the HTTPS OMA - Outlook Mobile Access - website also thus making life a little easier).
2
Comment
Author:rduke15
0 Comments

Featured Post

CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

Join & Write a Comment

This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month