You may need to connect Outlook mobile to a company email server that uses a self-signed SSL certificate. This certificate is not issued by a trusted public authority, so mobile devices block the connection by default. The app will show an error and fail to add the account. This article explains how to install the self-signed certificate on your mobile device and configure Outlook to trust it.
Key Takeaways: Installing a Self-Signed Certificate on Mobile
- Certificate file transfer: You must obtain the .CER or .PEM file from your IT administrator and copy it to your mobile device.
- Device security settings: Install the certificate through your phone’s security or encryption menu to add it to the trusted credential store.
- Outlook account setup: Add your email account in Outlook only after the certificate is installed and trusted by the device’s operating system.
Understanding Self-Signed Certificates for Mobile Email
A self-signed SSL certificate provides encryption for your email connection but lacks verification from a trusted certificate authority. Public authorities like DigiCert or Let’s Encrypt are pre-trusted by operating systems. Mobile apps, including Outlook, rely on this system-wide trust. When a certificate is self-signed, Android and iOS see it as an untrusted security risk and prevent the app from connecting.
The setup process has two distinct phases. First, you must install the certificate file onto your device’s operating system. This makes the device itself trust the server’s identity. Second, you add your email account within the Outlook app. The app will then use the device’s trusted credentials to establish a secure connection. You typically need the certificate file in .CER, .PEM, or .DER format from your email server administrator.
Prerequisites Before You Start
Ensure you have the correct certificate file from your IT department. You also need your full email address, account password, and the incoming and outgoing server addresses. These are often values like mail.yourcompany.com. Your device must allow installation of certificates from unknown sources, which might require temporarily changing security settings.
Steps to Install the Certificate and Add Your Account
The exact steps differ between Android and iOS. The following methods cover the general process for both platforms.
For Android Devices
- Transfer the certificate file to your device
Email the .CER file to yourself or download it from a company website. Save the file to your device’s internal storage or Downloads folder. - Open your device Settings
Navigate to Security & privacy or Biometrics and security. Tap on Encryption & credentials or a similar option. - Install the certificate
Select Install a certificate or CA certificate. Choose the certificate file from your storage. Name the certificate if prompted and confirm the installation. - Add the account in Outlook
Open the Outlook app. Tap your profile picture and select Add Account. Enter your email address and tap Continue. The app should now connect using the trusted certificate.
For iOS Devices
- Receive the certificate file
Open the certificate file attachment in an email on your iPhone or iPad. Alternatively, download it from a secure company portal in Safari. - Install the profile
Your device will prompt that a profile is being downloaded. Go to Settings > General > VPN & Device Management. Tap on the downloaded profile under Downloaded Profile. - Enable full trust for the certificate
Tap Install in the top right corner. You may need to enter your device passcode. After installation, go to Settings > General > About > Certificate Trust Settings. Toggle on trust for the newly installed root certificate. - Configure Outlook
Launch Outlook and go to Settings > Add Account > Add Email Account. Enter your email credentials. iOS will now permit the secure connection.
Common Mistakes and Setup Limitations
Outlook Still Shows a Security Warning
This happens if the certificate is installed in the wrong store or isn’t fully trusted. On Android, ensure you installed it as a CA certificate, not a user certificate. On iOS, verify the trust switch is enabled in Certificate Trust Settings. Restart your device after installation.
Certificate File Has the Wrong Format
Mobile devices typically need certificates in Base64-encoded PEM or DER format. If you have a .PFX or .P12 file, it contains a private key and is not suitable for device trust. Contact your administrator for the correct public certificate file.
Account Uses Modern Authentication
If your account uses Microsoft 365 with modern authentication, the connection may rely on Microsoft’s servers, not your company’s certificate. In this case, you likely do not need to install a local certificate. Try adding the account normally first.
Self-Signed vs Publicly Trusted Certificates
| Item | Self-Signed Certificate | Public Trusted Certificate |
|---|---|---|
| Issuer | Created by your own organization | Issued by a public certificate authority |
| Device Trust | Must be manually installed on each device | Pre-installed and trusted by all major OS |
| Use Case | Internal servers, testing, private networks | Public-facing email and web services |
| Outlook Setup | Requires extra configuration steps | Works automatically with no setup |
| Security Validation | Encryption only, no identity verification | Encryption and verified identity |
You can now add your work email to Outlook mobile even with a private security certificate. The key is installing the certificate file through your device’s security menu before opening the app. If you manage multiple devices, consider using a mobile device management tool to deploy certificates. For advanced control, ask your IT team about creating a certificate trust profile for automated iOS and Android deployment.