Richmond Home

Enabling Email Encryption For Your iOS Device

Note: Because installing your digital certificate gives anyone with access to your iOS device the ability to decrypt your encrypted e-mails, enabling a secure passcode to protect your device is extremely important. Please implement steps 1-5 from the Apple iOS Security Checklist before installing digital certificates on your iOS device. 

In order for you to be able to sign or encrypt an email message, you must export 2 digital certificates (personal and Richmond CA) from your computer and then import them onto your device.  Please follow the instructions below to assist you.

Exporting Your Digital Certificate for your IOS Device, follow these steps:

  1. From your computer, where the certificate is installed, open the Microsoft Management Console (MMC).  To open the MMC, click on the Start, and then click in the Search Programs and Files Box and type MMC
  2. Click on File, then Add/Remove Snap-In
  3. Add the Certificates snap-in to the console. When you are prompted, click My user account as the account to be managed.
  4. In the MMC console, double-click Certificates – Current User, double-click Personal, and then click Certificates.
  5. In the right pane, right-click the certificate that you want to export (should be your username).  Point to All Tasks, and then click Export.
  6. When the Certificate Export Wizard starts, click Next.
  7. On the Export Private Key page, click Yes, export the private key.
    The private key is required for the encrypted messages to be read from the computer where the key will be imported.
  8. On the Export File Format page, leave the default settings, and then click Next.
  9. On the Password page, type password for the private key.

10.  On the File to Export page, type the path and the name for the exported certificate file, and then click Next. (It is suggested that you store the file locally on your computer or to Box). 

11.  Click Finish.

The export certificate file is saved with the name that you specified and a .pfx extension.

You must also export the RichmondCA certificate.  Follow these steps:

  1. From your computer, where the certificate is installed, open the Microsoft Management Console (MMC).  To open the MMC, click on the Start, and then click in the Search Programs and Files Box and type MMC
  2. Click on File, then Add/Remove Snap-In
  3. Add the Certificates snap-in to the console. When you are prompted, click My user account as the account to be managed.
  4. In the MMC console, double-click Certificates – Current User, double-click Trusted Root Certification Authorities, and then click Certificates.
  5. In the right pane, right-click the certificate that you want to export (RichmondCA).  Point to All Tasks, and then click Export.
  6. When the Certificate Export Wizard starts, click Next.
  7. On the Export File Format page, leave the default settings, and then click Next.
  8. On the File to Export page, type the path and the name for the exported certificate file, and then click Next. (It is suggested that you store the file locally on your computer or to Box).  
  9. Click Finish.

The export certificate file is saved with the name that you specified and a .pfx extension.

Installing Digital Certificates for IOS 5 Devices, follow these steps:

  1. Transfer your personal certificate and the RichmondCA certificate to your IOS 5 device.  You can e-mail the encrypted pfx file to yourself and open message of your device.
  2. Select the pfx file once you have access to it.  IOS will automatically attempt to install the pfx file as a profile.
  3. Click the Install button.  You will get a warning that the profile is unsigned, but click OK.
  4. Enter your pfx password and click Next
  5. Click Done on the final screen to complete the profile installation.

Configuring your Device to Read Encrypted Email

  1. Click on the Settings button and navigate to the Mail, Contacts, Calendars control panel.  Under Accounts, select Exchange.
  2. Select the Account setting at the top.  Scroll down to the S/MIME section and make sure the S/MIME option is set to ON.  This allows you to read encrypted email sent to you.

Turning on Email Signing

  1. Click on the Settings button and navigate to the Mail, Contacts, Calendars control panel.  Under Accounts, select Exchange.
  2. Select the Account setting at the top.  Scroll down to the Sign setting and make sure the Sign option is set to ON.  Your certificate will likely already be listed with a check mark next to it. 

Note:  This will digitally sign all outbound emails from the account.  Messages cannot be signed on a per message basis. 

Encrypting Outgoing email

  1. Click on the Settings button and navigate to the Mail, Contacts, Calendars control panel.  Under Accounts, select Exchange.
  2. Select the Account setting at the top.  Scroll down to the Encrypt setting and make sure the Encrypt option is set to ON.  Your certificate will likely already be listed with a check mark next to it. 

Note:  This will digitally encrypt all outbound emails from the account.  Messages cannot be encrypted on a per message basis. 

  1. Go back to the Account setting and click Done.

Help Desk

(804) 287-6400
helpdesk@richmond.edu
Jepson Hall, Room G-19

Summer Hours
Mon-Thurs: 8:30am-6:30pm
Friday: 8:30-5pm

Weekend Phone Support
Saturday: 10am – 4pm
Sunday: 10am – 4pm

 

Live Support

Online: Chat with IS

Offline: Leave a Message