Retrieving S/MIME certificates
You can use certificate retrieval profiles to allow
iOSdevices to search for and retrieve recipients' S/MIME certificates from each of the specified LDAP certificate servers. If a required S/MIME certificate is not already in a device's certificate store, the device retrieves it from the server and imports it into the certificate store automatically. If there is more than one S/MIME certificate and a device is unable to determine the preferred one, the device displays all the S/MIME certificates so that the user can choose which one to use.
You can require that devices use either simple authentication or
Kerberosauthentication to authenticate with LDAP certificate servers. You can include the required authentication credentials in the certificate retrieval profiles so that devices can automatically authenticate with LDAP certificate servers. If you do not include the required credentials, the device prompts the user for the credentials the first time that the device attempts to authenticate with an LDAP certificate server.
If you do not create a certificate retrieval profile and assign it to user accounts, user groups, or device groups, users must manually import S/MIME certificates from a work email attachment or a computer.