S/Mime and iOS5 and Google Apps/Exchange – no worky

I’ve been trying to get my s/mime email signing certificate to work under ios5 and i think i’ve found a bug.

If you are trying to send a signed email from your iOS5 device and instead your recipients are receiving an attachment called smime.p7s it is likely that you are using gmail or google apps and are also using the exchange connector in iOS.

My guess is that Google didn’t setup a PKI infrastructure properly and when iOS tries to go a fetch a certificate from the non-existent exchange server the process fails and then an attachment is created.

If you setup your iOS mail account to google via IMAP then smime works as expected.

Filed a bug report with apple – 10302200.

[Update: 7 March 2012 – This is not fixed in iOS 5.1]

[Update: 17 November 2012 – This is not fixed n iOS 6.0.1]

9 thoughts on “S/Mime and iOS5 and Google Apps/Exchange – no worky

  1. And still not working in iOS 7

    In fact it’s worse, IMAP work-around doesn’t work anymore…

    1. Yes, same here. Installed a profile with exchange configuration for gmail account and the related comodo signed certificate. It does not work, the recipient receive a smime.p7s attachment instead a signed e-mail. Configured in IMAP it works properly.

      Anyone knows why?

  2. “If you setup your iOS mail account to google via IMAP”

    Hhm, what exactly do you mean? There is no IMAP setting available in the mail settings of my iPhone for my google exchange account ?

    Could you please provide a few details on what you mean and where it is?

    1. @Andy – You would delete the setup that uses Exchange and setup the account again in using the ‘add account’ button, and then choose gmail (which will setup imap by default) or ‘other’ and then make sure to use imap.

  3. I am not using Google Apps but I use 2 GMail accounts on my iPhone, one as Exchange and other as regular GMail. I have a Comodo cert for each one, and it the encryption/signing works in both. It looks like there is a bug for sending signed-only emails as Garth describe, but encrypting and signing works.

    I imported my certificates (.p12) enabling the web share in my mac for a second, and copying the certs there (~myname/xxx.p12) and opening them from my iphone. After installing them, I selected the “Install” option in the certificate info screen (Setting/General/Profiles/) for installing the encryption part of the cert (?). Then just select your SMIME cert in the settings of your email account and activate encrypting/signing and that’s it. You may need to ask you colleague to send you a signed email, open his/her cert and “Install” the encryption part as before.

    The UI and settings definitely need work, but at least it is usable in the mean time.

    I’ll try w/ my iPad tomorrow.

  4. This is happening to me too. Very annoying-I was looking forward to using my email certs with my iPhone like I do with Lion/mail.app for my business’ email.

    I filed a bug report with apple.

    1. Got an email that my report was a duplicate, so hopefully this will be fixed soon in one of those over the air updates.

  5. I’ve had the same issue using Google Sync and agree with you. It appears to me that iOS 5 tries to fetch a certificate from Google (a service which is not supported). Annoyingly, it does not seem to fallback to any certificates that you may have locally added to the iOS device either.

Comments are closed.