iPhone in Business Digital Certificates
Supported certifi cate and identity formats:
• iPhone supports X.509 certifi cates with RSA keys.
• The fi le extensions .cer, .crt, .der, .p12 and .pfx are recognized.
Root certificates
Out of the box, iPhone includes a number of preinstalled root certifi cates. To view
a list of the preinstalled system roots, see the Apple Support article.
If you are using a root certifi cate that is not
preinstalled, such as a self-signed root certifi cate created by your company, you
can distribute it to iPhone using one of the methods listed in the “Distributing
and Installing Certifi cates” section of this document.
iPhone supports digital certifi cates, giving business users secure, streamlined access
to corporate services. A digital certifi cate is composed of a public and private key pair,
along with other information about you and the certifi cate authority that issued the
certifi cate. Digital certifi cates are a form of identifi cation that enables streamlined
authentication, data integrity, and encryption.
Certificates can be used to sign and encrypt many types of data. Data signed with a
digital certifi cate helps to ensure that it has not been changed or altered, and can also
be used to guarantee the identity of the author or “signer.” Additionally, certifi cates can
be used to encrypt confi guration profi les and network communications to help further
protect confi dential or private information.
Identity certificates
Digital certificates can be used to securely authenticate users to corporate services
without the need for user names, passwords or even tokens. On iPhone, certifi cate-based
authentication is supported for access to Microsoft Exchange ActiveSync, Cisco IPSec VPN,
and WPA2 Enterprise Wi-Fi networks.
Server certificates
Digital certifi cates can also be used to validate and encrypt network communications.
This provides secure communication to both internal websites and websites on the
public Internet. The Safari browser can check the validity of the X.509 digital certifi cate
being presented and set up the secure session with 128-bit SSL encryption. This verifi es
that the site’s identity is legitimate and that your communication with the website is
protected to help prevent interception of personal or confi dential data.
 | 
)
)
)
)
)
