How to add a .crt certificate to iPhone's keychain?
Updated for iOS 12.0.1
As Andrew and Michal mentioned, apparently iOS only allows the Mail and Safari apps to open and install certificates. Other apps are blocked from opening certificates.
So here is how I got mine working:
- Put my certificate file (mycertificate.crt) on my private local server temporarily.
- Using iOS Safari (very important), browse to my https://mylocalsite.test/mycertificate.crt
- You'll probably see a "This Connection Is Not Private" warning and need to click "Show Details" > "visit this website".
- When prompted with "This website is trying to open Settings to show you a configuration profile. Do you want to allow this? [Ignore or Allow?]", choose "Allow".
- You'll now be in your iPhone Settings > Install Profile. Click "Install" to install the certificate.
- Enter your passcode to confirm.
- You'll see a warning telling you "This certificate will not be trusted for websites until you enable it in Certificate Trust Settings." Press "Install" to proceed.
- Press "Done".
- Visit Settings > General > About > Certificate Trust Settings
- "Enable full trust for root certificates" for the newly-installed certificate.
- (Restarting the phone does not seem to be necessary.) I was immediately able to use Chrome to browse to my site using https, and it worked as I hoped.
These other links helped me, too:
- https://support.apple.com/en-us/HT204477
- https://support.securly.com/hc/en-us/articles/206978437-How-to-deploy-Securly-SSL-certificate-to-iOS-
- For generating a local Certificate Authority and self-signed certificate, my favorite approach as of 2020-09-14 is https://github.com/FiloSottile/mkcert
Copied from the site you linked
If you wish to use your certificate for S/MIME after you have followed this guide, please visit https://support.quovadisglobal.com/KB/a353/how-do-i-sign-and-encrypt-on-an-apple-iphone.aspx. Important Note: Apple recommends that a *.p12 or *.pfx file is sent to your device as an attachment in an email. QuoVadis does not recommend this approach unless email access to your mail server is encrypted using SSL.
You need to e-mail yourself the certificate, other 3PP programs are sandbox'd from accessing the iOS keychain.
From iOS 11, if the .crt file is in a location accessible using the Files app, then you just need to tap on it from within Files to install the certificate.
This also applies to other types of certificates supported by iOS.