<

Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x

import self-signed certificates into iPhone

Published on
32,740 Points
26,540 Views
2 Endorsements
Last Modified:
If you need to import self-signed SSL certificates into your Apple iPhone, you may get the cryptic error message: "Invalid Profile - Profile format not recognized".

Apparently, the iPhone doesn't understand the usual PEM (Privacy-Enhanced Mail) certificates format, which is Base64 encoded. It needs the binary DER (Distinguished Encoding Rules) format.  Therefore, you will need to convert your existing PEM or self-signed SSL certificate .crt files into the binary DER format recognized by the iPhone.

One method of conversion, is using OpenSSL (www.openssl.org) which is an open source tool-kit.  For Windows users, see the OpenSSL for Windows site at gnuwin32.sourceforge.net for download.

Example OpenSSL command to convert a .crt file:
infile=cacert.crt
outfile=cacert.der
openssl x509 -in $infile -inform PEM -out $outfile -outform DER

Open in new window

(Adjust the $infile and $outfile variables for your file names)

Example OpenSSL for Windows to convert a .crt file (the syntax for cmd.exe):
SET infile=cacert.crt
SET outfile=cacert.der
openssl x509 -in %infile% -inform PEM -out %outfile% -outform DER

Open in new window


You probably want to import both your CA (certificate authority) certificate and your server certificate (for example, your mail server's certificate), so convert both and attach them to an email you send to your iPhone. Or you can put them on a web server and use Safari to get them from there (editor's note: this comes in handy considering in most cases the SSL certificates are being installed for your mail server and as such means you can't access email until the certificates are installed; therefore, sending an email will not work). Once you have them on the phone, you should be able to just double-click to install them (editor's note: on the new iPhone, I found that the Exchange set-up automatically pulled the CA/server certificates from the HTTPS OMA - Outlook Mobile Access - website also thus making life a little easier).
2
Comment
Author:rduke15
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
0 Comments

Featured Post

New benefit for Premium Members - Upgrade now!

Ready to get started with anonymous questions today? It's easy! Learn more.

Join & Write a Comment

This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month