IOS: FREE E-mail certificate profile stays in 'not verified' status

Hi Guys,
While installing a free Comodo certificate in OSX is extremely easy, using the same certificate in your iPhone or iPad requires skills that surpass the intelligence of Einstein.

Whatever I do, the profile that is created with the .p12 remains in Not Verified.
I cannot send mails with certificate, let alone encrypt.

Steps (In a nutshell)
Install the certificate on my iMac
In Keychain, export the certificate and private key to a .p12 file
Use AirDrop to transport this .p12 file to my phone.

Follow url for a screenshot of the items in keychain that I exported to p.12 file.
https://drive.google.com/open?id=0B9TKstEZMIZDOUR4cFlnZkw1Rzg

iPhone receives the .p12 file, and automatically starts the sequence that installs the appropriate profile.
When asked, I enter the password I used when creating the .p12 file, and press install several times followed by Done.
That should be it.
But whatever I do, whatever I try, the profile remains in “NOT VERIFIED” status.

Follow url for a screenshot from my iPhone
https://drive.google.com/open?id=0B9TKstEZMIZDTGw1NElVWEZfS1E
How to proceed from here?

Thanks,
Leo

Hi Leo,

“Not Verified” is referring to the profile as Apple expects this to be digitally signed too and it’s not. (I think Apple could implement certificates a bit better!) It is a common misconception that “Not Verified” means “Not Trusted” but it does not. “Not Verified” is expected in your scenario. Furthermore, you won’t be able to encrypt anything until someone has shared their public key (digital signature) with you on that device.

Have you tried following these instructions from Comodo in order to install your certificate on iOS? (Apologies for the legacy screenshots; concepts should still apply.)

Hi Sal,

Many, many thanks for your reply.
The problem was between the chair and the screen.

I had not realized that Keychain does not share certificates. Not having the public key from my buddy’s e-mail on the physical iOS device is the reason I was not able to encrypt e-mails to him.

The notification in the profile that the certificate was not verified was indeed a red herring that has cost me the better part of the day to find out.

Your reply was spot on, and the nudge I needed to get back on track.

Thanks for your support, I owe you one.

Bye,
Leo

Looks like a good answer for the support Knowledge Base.

Background info first: I have 2x email addresses (1 ubiquitous one, i.e. sometimes receives spam and junk email, hereafter referred to as “Demon”; and a 2nd carefully guarded email which rarely gets spam/junk email, hereafter referred to as “Angel”). I have a MacBook OS 10.12.2 and an iPhone iOS 10.

My intention is to send signed and encrypted emails from Demon to Angel on my MacBook as well as do the same thing on my iPhone. I also want to send signed and encrypted emails from my MacBook to friends, as well as send signed and encrypted emails from my iPhone to my friends. It appears that the certificates are machine specific based on what I’ve read.

I have no problem sending signed and encrypted emails from Demon to Angel and vice versa on my MacBook, as well as sending emails from Demon as well as Angel to my friends on my MacBook.

The issue I have is sending signed and encrypted emails between Demon and Angel on my iPhone. I also can’t send signed and encrypted emails from either account to anyone on my iPhone. If I view the emails I sent to myself from my MacBook on my iPhone, I can see the signed and encrypted icons in the headers. If I try to reply to these signed and encrypted emails, I get a message “Unable to Encrypt” in the header under the email title. When I check Settings > General > Profiles > and drill down to view the configuration profiles for both Angel and Demon, there is a “Not Verified” warning below the Signed by email address. When I check Settings > Mail > Accounts > “Demon account” > Advanced > Use SSL is green, S/MIME is green, Sign is Yes = Demon account, Encrypt by Default is Yes = Demon account. My Mail settings for Angel account in Advanced are also SSL green, S/MIME green, Sign Yes, Encrypt by Default Yes.

What am I doing wrong or what did I skip that is causing the problem of not being able to sign and encrypt outgoing emails from my iPhone?

Update: so I apparently forgot to click to install the public key on the emails I was viewing on my iPhone (click on the signed and encrypted icons in the email header - it allows you to install the public key from that email address). Everything is fixed now. I found the answer in another thread! Someone posted a link to a YouTube video on how to install the keys on iOS 10 and I was only missing the last step. Apparently, on Mac OS X, it auto-installs the public keys you receive from other people. On iOS 10, you have to do this manually.
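
The point both resolutions in this thread turn on, reproduced with the OpenSSL command line as an added example (not part of the original posts, and a model of the behaviour rather than of how iOS implements it): your .p12 is enough to sign, but encrypting to someone fails until their certificate has been taken from a signed mail and stored on the same device. The identities, addresses and the `device` directory standing in for the phone's certificate store are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway self-signed identities. Names, addresses and the
# "device" directory (standing in for the phone's certificate store) are assumptions.
WORK=$(mktemp -d) && cd "$WORK" && mkdir device

make_identity() {  # $1 = short name, $2 = e-mail address
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1/emailAddress=$2" -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# The exported .p12 holds one certificate, the owner's; no correspondent's key is in it.
p12_cert_count() {  # $1 = short name
  openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" -out "$1.p12" -passout pass:demo &&
    openssl pkcs12 -in "$1.p12" -passin pass:demo -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

# Signing needs only the sender's own private key and certificate.
sign_as() {  # $1 = sender name, $2 = output file
  printf 'hello\n' |
    openssl smime -sign -signer "$1.crt" -inkey "$1.key" -out "$2" 2>/dev/null
}

# Encrypting needs the recipient's certificate to be present on this device.
encrypt_to() {  # $1 = recipient address, $2 = output file
  [ -f "device/$1.crt" ] || { echo "Unable to Encrypt: no certificate for $1"; return 1; }
  printf 'secret\n' |
    openssl smime -encrypt -aes256 -binary -out "$2" "device/$1.crt" 2>/dev/null
}

# Manual install step: check the signature, then store the signer's certificate.
# -noverify skips chain validation only because the demo certs are self-signed.
install_from_signed() {  # $1 = signed mail, $2 = sender address
  openssl smime -verify -noverify -in "$1" -signer "device/$2.crt" -out /dev/null 2>/dev/null
}

decrypt_as() {  # $1 = recipient name, $2 = encrypted file
  openssl smime -decrypt -in "$2" -recip "$1.crt" -inkey "$1.key" 2>/dev/null
}

make_identity me me@example.test
make_identity friend friend@example.test
echo "certificates in me.p12: $(p12_cert_count me)"
sign_as friend signed.eml
encrypt_to friend@example.test out.p7m || echo "(no key for the recipient yet)"
install_from_signed signed.eml friend@example.test
encrypt_to friend@example.test out.p7m && decrypt_as friend out.p7m
```

With a CA-issued certificate such as the one in the thread, drop `-noverify` and pass the issuer chain with `-CAfile` so the signer's certificate is validated before it is stored.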