You are here: Foswiki>TIG Web>CertificatesIntro>IPhoneCertsInstall (revision 9)EditAttach

Certificate installation for iPhone and iPod Touch

Installation of certificates as described below has been possible since iPhone OS 2.0.

Step 1: Install authority certificate

Tap CSAIL's authority certificate. Because you're accessing a bare certificate over the web, you should expect a warnings like "authenticity cannot be verified." It'll also ask for your passcode, if set. You're done when you see "Profile Installed."

Step 1.5: Create an iPhone passcode

If you don't do this, someone who ends up with your lost or stolen iPhone can impersonate you with your certificate.
  • For passable security (4 digit code): tap Settings -> General -> Passcode Lock.
  • For better security (5+ digits): tap longerpasscode.mobileconfig. This configuration profile unlocks the iPhone's ability to use variable-length numeric passcodes, and will immediately prompt you for a new passcode. It may also lock down settings for "Auto-Lock" and "Passcode timeout".
  • (Alternatively, you can choose alphanumeric passwords, but we've found them prohibitively difficult to enter in everyday use.)

Step 2: Install personal certificate

The iPhone cannot generate its own personal certificates, so the standard process (second link on CertificatesIntro) will not work. Instead, you need to transfer valid certificates from elsewhere. We recommend Firefox.
  1. Confirm that you can access CSAIL email on the iPhone. GenericMailConfigurationInfo should help setting up your CSAIL email account natively, or you can check mail with
  2. In Firefox, go to Tools/Options (Firefox/Preferences on a Mac), then Advanced
  3. Click Encryption, then View Certificates
  4. Select your CSAIL certificate. Verify that it's within "MIT Computer Science and Artificial Intelligence Lab", and that it has not yet expired.
  5. Click Backup and save your certificate in the default format (PKCS #12, .p12), providing passwords as necessary.
  6. Email the resulting .p12 file to yourself
  7. On the iPhone, open the email and click the .p12 attachment. Tap Install and enter the "certificate password" you just set.


  • The iPhone's Safari does not appear to handle a certain subtype of certificate authentication (Options SSLVerifyClient Optional), and thus you may not be able to access some certificate-protected pages, including event advertisements on
  • While the iPhone allows you to install more than one client certificate, installing MIT client certs alongside CSAIL client certs is not recommended. If you really think you need this, please consider:
    • For every https:// site that you visit, Safari will ask you which certificate to use -- but the two choices listed will be indistinguishable (each will just list your name)
    • Most major MIT sites are currently inaccessible to the iPhone due to its incompatibility with SSLVerifyClient Optional problem (including SAPweb, certain Library sites, and Stellar). No known workaround as of 14 Jul 2008.
    • Occasional users may find it useful to install MIT certificates on-the-fly to access a particular site and uninstall them when done accessing that site. MIT client certificates can be installed directly from (instead of using the .p12 import sequence described above). (This process involves generating a private key for you on the server, so those who are extremely security-conscious may not want to do this.)
  • Be careful not to connect your phone to a desktop/laptop running the iPhone Configuration Utility. Its automatically-installed "iPCU Certificate" will confuse Safari in similar ways to the CSAIL/Athena confusion described above -- except that there's no way to delete it.

Additional notes

To verify or remove certificates and passcode configurations, navigate to Settings -> General -> Profiles (second-to-last item).
Edit | Attach | Print version | History: r12 | r10 < r9 < r8 < r7 | Backlinks | View wiki text | Edit WikiText | More topic actions...
Topic revision: 06 Jul 2010, ArthurProkosch

MIT Computer Science and Artificial Intelligence Laboratory


  • About CSAIL
  • Research
  • News + Events
  • Resources
  • People

This site is powered by Foswiki MIT: Massachusetts Institute of Technology