Solved

Nokia E61 does not trust certificate from public CA even though CA root is installed

Posted on 2007-11-30
8
3,786 Views
Last Modified: 2012-06-21
I've got a Nokia E61 that I want to use to pickup email etc. from Exchange on our SBS server, but I'm having problems getting the phone to trust the site certificate.

I'm using the RoadSync application from DataViz, but have the same issues if I use Mail for Exchange or just try to go to OWA through the E61's browser.

Initially I had tried using the certificate generated by SBS itself.  I'd exported the root certificate, installed it successfully on the phone and checked the appropriate trust boxes.  But I just couldn't get it to trust the site certificate.

So, to avoid wasting any more time on this, I bought an SSL certificate from RapidSSL.  I installed this on the SBS server and used OWA on a PC to check it was working properly.

As the certificate root (Equifax Secure Global eBusiness CA-1) was not already on the phone, I had to download this from their site and install it manually.

But still the certificate is not trusted.

I've read dozens of articles on here, on Nokia's site, on DataVIz's site and on other forums...but nothing seems to work.  I've contacted RapidSSL - their solution is for me to buy a more expensive certificate from them which uses the root Equifax Secure Certificate Authority - which is already pre-installed on the phone.  But I want to avoid that if I can - plus there's no guarantee this will work anyway.

Of course, I can just choose to continue when I get the warning message on the phone - but I have to do this each time it connects to the server.

Any ideas?  Driving me nuts.

Open in new window

0
Comment
Question by:devon-lad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 20381178
Have you tried browsing to the site and installing the certificate directly from there?
0
 
LVL 16

Expert Comment

by:btassure
ID: 20381221
By that I mean you need to put the certificate file in a browsable folder on the website, make directory indexing allowed and the download it directly.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381224
Yes, I have.

Certificate installs successfully, but still gives untrusted warning.
0
Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

 
LVL 16

Expert Comment

by:btassure
ID: 20381282
Have you tried copying to the phone directly and installing it from there? Say by memory card? or bluetooth? I had this issue setting up mailforexchange myself but it was way back in march and I can't remember exactly what I did!
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381297
Yes, have installed it through USB as well - no difference.

The thing is, however I install it, it shows up correctly in the certificate store - but the phone still thinks it's untrusted.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 20401397
I have a solution.

There are many articles that advise the use of the OpenSSL tool for problems with certificate installation.  But I never had a problem with the installation process itself...certificate always installed without errors whether I downloaded it directly from the server or copied via USB...so I never tried OpenSSL.

However, I decided to give it a go...and it worked!

Complete process is as follows:

- download root certificate.  For RapidSSL, this is the Equifax Secure Global eBusiness CA-1, available at http://www.geotrust.com/resources/root_certificates/index.asp
- use OpenSSL (http://www.openssl.org/) to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to a directory on the website
- set the directory MIME type to application/x-x509-ca-cert for .der extension
- browse to the file using the E61 built in web browser, the certificate will install automatically

0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437788
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
If you use the Google Now Launcher, as an aftermarket add on, have a Samsung Note 5 and are worried about power consumption be wary of using the ultra power saving mode.  Here is what happened to me when I made the mistake of trying this out...
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question