Management and Security powered by Landesk

Enabling S/MIME email support for Apple devices

S/MIME (Secure/Multipurpose Internet Mail Extensions) signs email with a digital signature that verifies where the email came from. If the email client supports it, S/MIME can also encrypt the email.

Enable S/MIME for Apple devices (iOS and macOS) through a configuration profile payload. The payload must include a third-party security certificate for signing and encryption. Self-signed certificates aren't supported.

iOS S/MIME support is configured in the Exchange configuration. macOS S/MIME support is configured in the Mail configuration.

To configure iOS S/MIME support
  1. In Tools > Configuration > Agent settings, open the iOS or macOS configuration profile you want to modify.
  2. In the configuration profile editor, click the Certificates configuration, and click the Configure button if you don't see the configuration options.
  3. Browse for the certificate file you want to add and click Open.
  4. Type the Passphrase associated with the certificate.

  5. 5. Click the Exchange ActiveSync configuration, and click the Configure button if you don't see the configuration options. Add exchange account information to send to the device. To enable S/MIME, check the Enable S/MIME option, and select the Signing Certificate and Encryption Certificate you added earlier.

  6. Click OK and save your changes.
  7. Deploy the profile.
To configure macOS S/MIME support
  1. In Tools > Configuration > Agent settings, open the iOS or macOS configuration profile you want to modify.
  2. In the configuration profile editor, click the Certificates configuration, and click the Configure button if you don't see the configuration options.
  3. Browse for the certificate file you want to add and click Open.
  4. Type the Passphrase associated with the certificate.

  5. Click the Mail configuration, and click the Configure button if you don't see the configuration options.
  6. In the Mail settings section, as part of the account information to send to the device, click the Outgoing mail tab. Select the Enable S/MIME option, and select the Signing Certificate and Encryption Certificate you added earlier.
  7. Click OK and save your changes.
  8. Deploy the profile.

Was this article useful?    

The topic was:

Inaccurate

Incomplete

Not what I expected

Other