• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1797
  • Last Modified:

SSL Certificate problems on Windows Mobile 5...

I continue to get a not trusted certificate error on a Cingular 8125 - Windows Mobile 5 device when accessing OMA as well as an error when synching through Micrsoft ActiveSync.  I have number of Treo 650s and Samsung PCH-i600s which work just fine through ActiveSync with SSL enabled.

The SSL certificate on the Exchange server was issued by InstantSSL/Comodo Group.  I have the root and intermediate certificates properly installed on the server (as evidenced by the other devices working).  I have installed three root certificates from the InstantSSL website on the Cingular 8125 using instructions from this site.  The 8125 works fine with SSL disabled.  Also, the certificate error gives green checks to date and server name, only "not chosen to trust" error.

I am completely at a loss here.  Any help would be appreciated.
0
kingwr12
Asked:
kingwr12
  • 5
  • 4
  • 2
1 Solution
 
oldhammbcCommented:
This sounds a bit strange, you shouldnt really have to install the certificate on the device because comodo certificates are already trusted on mobile 5 devices. If the certificate definatly for the host name you are using?
for example we have a certificate for webmail.ourcompany.com, this would not work attached to a website called oma.ourcompany.com
Have you tried connecting over outlook web access to see if you get the same error on a standard web browser?

Cheers

Dave J
0
 
kingwr12Author Commented:
Accessing OWA from a PC browser works fine.  No certificate warnings.

The certificate is for the correct host name, and in fact the certificate warning on the Windows Mobile 5 device gives green checks for date and name, but gives warning for "company not chosen to trust".

Further, the Windows Smartphone 2003 devices and the Treo 650s ActiveSync with no warnings or errors (I have never tried OMA from these devices).

Working from InstantSSL support site, I converted to DER and installed on the WM5 device 3 root certificates.  This did not resolve the problem either.  I agree that this is strange, in that it seems that everything works fine outside the WM5 environment, and with the root certificates installed, the WM5 should work too.  

WRK
0
 
oldhammbcCommented:
If the certificate is trusted by web browsers then there is no reason why the certificate should be installed on the device. Im wondering if the certificate store on the device has some how got screwed up with there being 2 different copies of the certificate being on there. Have you tried this on a "virgin" mobile 5 device?

Cheers
Dave J
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
kingwr12Author Commented:
I only have the one WM5 device (it is my new Cellphone, a cingular 8125).  However, I did not install the root certificates from Comodo/InstantSSL until AFTER the device was failing, i.e. exhibiting the symptoms described above.  I also tried only installing one of the root certificates before actually installing all 3.  I can try removing the 3 root certificates and see if that restores service.

WRK
0
 
oldhammbcCommented:
to be honest id also try that and maybe back up your phone and do a full reset on it, i know it sounds a bit harsh but then at least you will be 100% sure that its something on the server or the device.

Cheers

Dave J
0
 
SembeeCommented:
The fact that is working on a desktop does NOT mean it will work on the handheld.
Installing the root and intermediate certificate on the server will not help the handheld.

SSL certificates from that issuer are not trusted by Windows Mobile devices natively.
Therefore you will need to export both the root and the intermediate certificate in to the correct format and then import them in to the Windows Mobile device.

http://www.amset.info/pocketpc/certificates.asp

You can reset the device as many times as you like, the handheld will never accept the certificate until you have imported the required certificates.

Simon.
0
 
kingwr12Author Commented:
I tried installing the certificate issued for my mail server as well as the root certificates from the InstantSSL site using the exact procedure described on that website before I posted on this site.  None of that helped or solved the problem.  In fact, installing various certificates in various combinations has done nothing to change the symptoms on the WM5 device.

WRK
0
 
SembeeCommented:
Is this a wildcard certificate or a specific host certificate?

Have you seen this blog posting about using intermediate certificates?
http://blogs.msdn.com/windowsmobile/archive/2006/02/27/ssl_certificates_201.aspx

I only use certificates that come off a root direct or are trusted by the device. I have had no problems with RapidSSL certificates on Windows Mobile. I just need to install the root certificate on to the device and then I am done.

Simon.
0
 
oldhammbcCommented:
as far as i know comodo certificates are supported by windows mobile 5 (unless of course my mobile provider has installed it on my device and its not standard)
all comodo certeificates are trusted under the certificate GTE cybertrust global root. Could you look under your root certificates on the device and see if you have GTE cybertrust global root? We have purchased a certificate from a company called trustssl which basicially resells comodo certificates and that works fine with mobile 5.

Not really much help i know, but that certificate should definatly be supported by mobile 5.

Cheers

Dave J
0
 
kingwr12Author Commented:
Indeed GTE CyberTrust Global Root is installed on the WM5 device.  However, our Comodo cert appears to be issued on the AddTrust External CA Root.  I will put in a support request with Comodo.

WRK
0
 
kingwr12Author Commented:
The InstantSSL certificate issued by Comodo was issued from the UTN-USERFirst-Hardware root.  They reissued a certificate for me from the GTE CyberTrust Global Root CA root, I installed it and everything worked out of the box with no new certificates required on the WM5 device.

Takeway:  I am not sure how Comodo Group decides which root to issue a certificate, but you probably want to specify GTE CyberTrust Global root when buying an InstantSSL certificate for use with Windows Mobile 5 devices.

Thanks,
WRK
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now