Apple-focused shortcut
Need the easiest Apple-focused workflow?
Learn the concepts here, then use SMIME Toolkit to generate keys on-device, build the CSR, export a .p12 identity, and complete the manual Apple setup path.
A “certificate not trusted” error sounds like a verdict on the certificate itself, but the problem is usually broader than that. In S/MIME workflows, this error often means the client cannot build or accept the path from the user certificate back to a trusted issuer.
Common causes
- missing root CA
- missing intermediate CA
- private CA not trusted on the device
- incomplete trust configuration
- identity that does not align with the expected account context
What to check first
- Who issued the certificate?
- Is the issuer public or private?
- Does the device trust the root and any required intermediates?
- Was the trust configuration actually completed?
Why Apple users see this often
Apple devices are strict about trust state. That is usually helpful, but it means private-CA S/MIME setups expose chain problems quickly.
What this error does not necessarily mean
It does not always mean:
- the certificate was never issued
- the
.p12import failed completely - Apple Mail is broken
It often means the chain behind the certificate is not being accepted.
Practical takeaway
Treat certificate trust errors as chain-and-policy problems first. Then work outward toward import, account, and client behavior.
Apple-focused shortcut
Ready to move from theory to setup?
If you are working through S/MIME on iPhone or iPad, use the app-specific workflow and Apple guides next.