Use S/MIME to send encrypted messages in an Exchange environment in iOS

iOS offers support for S/MIME so that you can send encrypted email messages. 

To send encrypted messages, you need the recipient's certificate (public key). Mail accesses this certificate using one of two methods, depending on whether the recipient is in your Exchange environment. This article explains both methods.

Message encryption

When configuring S/MIME for your account, you can choose to ‘Encrypt by Default’ when composing new messages.

If you turn on the ‘Encrypt by Default’ preference, you can still encrypt on a per-message basis using the blue lock icon:

 

 

Send encrypted messages to people in your Exchange environment

If your recipient is a user in the same Exchange environment, iOS finds the necessary certificate for message encryption. iOS consults the global address list (GAL) and your contacts. 

Follow these steps to send encrypted messages to contacts in your Exchange environment:

  1. Compose a new message in Mail. Notice the unlocked lock icon, indicating that message encryption is enabled for your Exchange account.
  2. Begin addressing the message to a recipient in your Exchange organization.
  3. Mail consults the GAL to discover the recipient's S/MIME certificate.
  4. When Mail finds a certificate, a lock icon appears to the right of the recipient's contact name, and the address is highlighted in blue. Notice the larger blue lock icon, it can be used to toggle encryption for the message allowing you to easily compose both encrypted and an unencrypted messages.
  5. If you add a recipient and Mail can’t find the certificate, that address is highlighted in red and an unlocked icon appears to the right of the recipient's address. The message designation will now show unlocked and Unable to Encrypt.

Send an encrypted message to someone outside your Exchange environment

If the intended recipient is outside the sender's Exchange environment or if the sender isn't using an Exchange account, the recipient's certificate must be installed on the device. Use these steps.

  1. In a signed message from your intended recipient, tap the sender's address. Invalid signatures have a red question mark   to the right of the sender's address. Mail indicates valid signatures with a blue check mark   to the right of the sender's address.
  2. If the sender's certificate was issued by an unknown certificate authority that doesn't reside within your Exchange environment, tap View Certificate.

  3. To install and trust the sender's signing certificate, tap Install.
  4. The Install button changes color to red and reads Remove. Tap Done in the upper-right to complete the certificate-installation process.
  5. iOS associates this digital certificate with the recipient's email address, allowing for message encryption.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information.

Last Modified:
Helpful?

Additional Product Support Information

Start a Discussion

in Apple Support Communities
See all questions on this article See all questions I have asked
United States (English)