iPhone

How can I create a self-signed S/MIME certificate using openssl that will fit the iPhone?

The crux of the matter is how to use openssl to generate self-signed S/MIME certificates for mail that could be used on the iPhone?
There is openssl and default config.
I create CA:
openssl genrsa -aes256 -out mail-ca.key 4096
openssl req -new -x509 -days 3650 -key mail-ca.key -out mail-ca.crt
(I then install mail-ca.crt to trusted root certificates)
Generate client secret key:
openssl genrsa -aes256 -out client.key 4096
Generate certificate request:
openssl req -new -key client.key -out client.csr Issue client.crt
certificate:
openssl x509 -sha256 -req -days 3650 -in client.csr -CA mail-ca.crt -CAkey mail-ca.key \
-set_serial 1 -out client.crt -setalias "E-Mail Certificate" \
-addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout
Export certificate to PKCS12 format:
openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12
Ok, everything seems to be so.
But the funny thing is that on Windows in Outlook I can import and use the client.crt (or client.p12) certificate for signing / encryption (or client.p12, the import works anyway), but on the iPhone for S / MIME - well, nothing.
I issued a certificate in Comodo, it is an infection - it works and is imported. And the self-signed one - not in any ...
I understand that something simple is eluding me, but I don’t understand what.
Added on 01/15/16I moved a little in the decision: so that the iPhone does not swear when importing the client certificate, it must be converted to the DER format :
openssl x509 -outform der -in client.crt -out client.der The
import of client.der is fine. But! Even after import (profile is created) I can't use it for S/MIME. I suspect that when issuing the client.crt certificate, some additional parameters must be specified so that the purpose of the certificate is unambiguous. But I don't know yet how to specify it.