Setting up a certificate on a mobile device
iPhone
Install certificates from the DFN Website
So that your certificate can be validated, you have to install the 3 DFN CA certificates. To do this, open the DFN website with the web browser of your iPhone. Now install the following CA certificates one by one.
Root certificate:
Open the root certificate and install it on your iPhone.
DFN-PCA certificate (G2):
Open the DFN-PCA certificate (G2) and install it on your iPhone.
CA-Certificate:
Open the CA certificate and install it on your iPhone.
Sending the certificate to your iPhone and installing it
Here you will find instructions on how to export the certificate.
You can copy the certificate to your mobile phone via email. To do this, send yourself an e-mail with the certificate.

Open the certificate in the attachment and install it on your mobile phone.

For the password, enter the certificate backup password that you selected when you exported the certificate.

You can see installed profiles (certificates) on the iPhone under Settings → General → Profiles.

In order to be able to use the certificate, you have to assign it to your mail account. Open Settings → Passwords and Accounts and select your e-mail account.
Then click on Advanced and select your certificate for signing and encrypting. If you only want to sign the e-mails, you can leave Encrypt by default deactivated.
iPad
Download the certificate to your iPad and install it
Here you will find instructions on how to export the certificate.
You can copy the certificate to your iPad via email. To do this, send yourself an e-mail with the certificate.
Open the attachment of the e-mail and select Save to files under Settings in the top right corner.

Click on the saved certificate to save it in Profiles.

Go to Settings → General → Profiles, select the certificate there and click Install.

Then first enter the device password and then the password that you selected during export.
Note: If you did not enter a password when exporting the certificate, you can ignore this step.
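
Before you mail the exported file to yourself, you can check on the computer where you exported it whether it really requires the backup password. The following is an added example, not part of the original instructions; it assumes the export is a PKCS#12 file (.p12/.pfx) and that OpenSSL is installed, and all file names and passwords in it are constructed.

```shell
# Added example; assumes the export is a PKCS#12 file and OpenSSL is installed.
# File names and passwords below are constructed for illustration.

# Exit 0 if FILE opens with PASSWORD; -noout writes no key material anywhere.
p12_opens_with() {
    openssl pkcs12 -in "$1" -noout -passin "pass:$2" >/dev/null 2>&1
}

# Classify FILE: "unprotected" if the empty password opens it, "protected" if
# only the given backup password does, "wrong-password" otherwise.
p12_status() {
    if p12_opens_with "$1" ""; then echo unprotected
    elif p12_opens_with "$1" "$2"; then echo protected
    else echo wrong-password
    fi
}

# Print subject, issuer and expiry date of the first certificate inside FILE.
p12_summary() {
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
        openssl x509 -noout -subject -issuer -enddate
}

# Build a throwaway self-signed identity and export it twice (constructed data).
make_samples() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed.user@example.org" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/with-password.p12" -passout "pass:constructed-backup-pw" &&
    openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
        -out "$dir/no-password.p12" -passout "pass:"
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
p12_status "$tmp/with-password.p12" constructed-backup-pw
p12_status "$tmp/no-password.p12" constructed-backup-pw
p12_summary "$tmp/with-password.p12" constructed-backup-pw
rm -rf "$tmp"
```

A file reported as unprotected contains your private key readable by anyone who obtains the e-mail; export it again with a backup password before sending it.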

As on the iPhone, the 3 DFN CA certificates must additionally be installed on the device, so that the user can be verified.
Signing and encrypting Emails with a Certificate
To be able to use the certificate for signing and encrypting, you have to assign it to your mail account. Open Settings → Mail → Accounts and select your e-mail account (in this case we have Exchange).

After that you have to activate the option for signing and encryption. Click on your mytum Email Account → Advanced Settings.

Two options must be visible under S/MIME: Sign and Encrypt. First select Sign.

Under Certificates you can select your verified certificate.
Now take a step back and do the same for Encrypt.
How to send a signed and encrypted e-mail
Note: Please make sure that your device is up-to-date! You should also restart your device.
After you have activated the S/MIME options, you should be able to send and receive signed e-mails.
You can check whether an email is signed as follows:
If this approved character is present, it means the email is signed.
Before you can encrypt e-mails, you must first exchange signed e-mails with your correspondent so that you can receive his/her certificate.
When you click the email address with an approved character, you should see the following menu:

You must then download it and install it.
After you have installed it successfully, you should be able to send out encrypted e-mails. If the e-mail is encrypted, it should look as follows:
Android
FairEmail
You must first set up an in.tum account or TUM account on your mobile phone, if you do not already have one. Then send yourself the certificate by email and save it on your mobile phone.
Here you will find instructions on how to export the certificate.
Then open the Settings and select Manage on the Main Settings page under "Set up Account". Then click on your email account.

Click on Client Certificate and in the opened window select Install Certificate.

Select the certificate on the mobile phone that you want to install and enter the passphrase for the certificate. You can rename the certificate. Then click OK. Then select the certificate and click SELECT.
Note: If you did not enter a passphrase when exporting the certificate, you can ignore this step.
Select the encryption method
Under Settings → Encryption you can set e-mails to be encrypted automatically whenever you have the public key of a recipient who has a valid S/MIME certificate. You can change this setting each time you send an e-mail.
Manage public keys
To send an encrypted e-mail, you need the recipient's public key. To do this, the recipient must either send you a signed email or you must save the recipient's public key on the mobile phone.
Signed E-Mail
When you have received a signed e-mail, click on the signature symbol to save the public key. After this step it will be possible to write an encrypted email to this recipient.
Adding new public key
Open Settings, then select Encryption in the tab, click on Manage public keys on the page and then click on the + sign to add public keys. You can then close the Settings.
Send signed and / or encrypted email.
We have activated automatic encryption and signing in the settings, which is why Encrypt is displayed at the bottom of the program. If the recipient has a valid S/MIME certificate and their public key is stored in the program, the email can be sent encrypted. Otherwise you will get the following error message: No public key for. …. @ ….
Click on Encrypt and select how the e-mail should be sent.
Note: If automatic encryption is disabled, "Sign" will appear at the bottom of the program.