I tried to create my own S/MIME certificate with the help of this code:
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
openssl genrsa -des3 -out smime.key 4096
openssl req -new -key smime.key -out smime.csr
openssl x509 -req -days 365 -in smime.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime.crt -setalias "Self Signed SMIME" -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
openssl pkcs12 -export -in smime.crt -inkey smime.key -out smime.p12
First, I have to say, on my Mac, everything works fine. I was able to import the root certificate on both devices and I also was able to load the .p12 file. I am even able to send certified emails to my iPhone which can be verified. But when I want to sign a message on my iPhone I go to the advanced Settings in E-Mail and the certificate is just not there. Are there any special requirements for the certificate which I miss here? Is maybe the key length an issue?
UPDATE: An 2048 bit RSA certificate seems to work. I am not sure, if this is because it's shorter or because it's not self-signed. I also encountered problems installing the same (and valid) certificate on iOS 9.3.5.
Best Answer
I would recommend CAcert which is a recognised free certificate provider.
You need to use Apple Configurator 2 tool to package your s/mime root certificate and personal certificate into a .mobileconfig otherwise iOS won't trust the certs.