Solved

Nokia E61 does not trust certificate from public CA even though CA root is installed

Posted on 2007-11-30
8
3,783 Views
Last Modified: 2012-06-21
I've got a Nokia E61 that I want to use to pickup email etc. from Exchange on our SBS server, but I'm having problems getting the phone to trust the site certificate.

I'm using the RoadSync application from DataViz, but have the same issues if I use Mail for Exchange or just try to go to OWA through the E61's browser.

Initially I had tried using the certificate generated by SBS itself.  I'd exported the root certificate, installed it successfully on the phone and checked the appropriate trust boxes.  But I just couldn't get it to trust the site certificate.

So, to avoid wasting any more time on this, I bought an SSL certificate from RapidSSL.  I installed this on the SBS server and used OWA on a PC to check it was working properly.

As the certificate root (Equifax Secure Global eBusiness CA-1) was not already on the phone, I had to download this from their site and install it manually.

But still the certificate is not trusted.

I've read dozens of articles on here, on Nokia's site, on DataVIz's site and on other forums...but nothing seems to work.  I've contacted RapidSSL - their solution is for me to buy a more expensive certificate from them which uses the root Equifax Secure Certificate Authority - which is already pre-installed on the phone.  But I want to avoid that if I can - plus there's no guarantee this will work anyway.

Of course, I can just choose to continue when I get the warning message on the phone - but I have to do this each time it connects to the server.

Any ideas?  Driving me nuts.

Open in new window

0
Comment
Question by:devon-lad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 20381178
Have you tried browsing to the site and installing the certificate directly from there?
0
 
LVL 16

Expert Comment

by:btassure
ID: 20381221
By that I mean you need to put the certificate file in a browsable folder on the website, make directory indexing allowed and the download it directly.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381224
Yes, I have.

Certificate installs successfully, but still gives untrusted warning.
0
Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

 
LVL 16

Expert Comment

by:btassure
ID: 20381282
Have you tried copying to the phone directly and installing it from there? Say by memory card? or bluetooth? I had this issue setting up mailforexchange myself but it was way back in march and I can't remember exactly what I did!
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381297
Yes, have installed it through USB as well - no difference.

The thing is, however I install it, it shows up correctly in the certificate store - but the phone still thinks it's untrusted.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 20401397
I have a solution.

There are many articles that advise the use of the OpenSSL tool for problems with certificate installation.  But I never had a problem with the installation process itself...certificate always installed without errors whether I downloaded it directly from the server or copied via USB...so I never tried OpenSSL.

However, I decided to give it a go...and it worked!

Complete process is as follows:

- download root certificate.  For RapidSSL, this is the Equifax Secure Global eBusiness CA-1, available at http://www.geotrust.com/resources/root_certificates/index.asp
- use OpenSSL (http://www.openssl.org/) to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to a directory on the website
- set the directory MIME type to application/x-x509-ca-cert for .der extension
- browse to the file using the E61 built in web browser, the certificate will install automatically

0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437788
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question