Solved

Nokia E61 does not trust certificate from public CA even though CA root is installed

Posted on 2007-11-30
8
3,780 Views
Last Modified: 2012-06-21
I've got a Nokia E61 that I want to use to pickup email etc. from Exchange on our SBS server, but I'm having problems getting the phone to trust the site certificate.

I'm using the RoadSync application from DataViz, but have the same issues if I use Mail for Exchange or just try to go to OWA through the E61's browser.

Initially I had tried using the certificate generated by SBS itself.  I'd exported the root certificate, installed it successfully on the phone and checked the appropriate trust boxes.  But I just couldn't get it to trust the site certificate.

So, to avoid wasting any more time on this, I bought an SSL certificate from RapidSSL.  I installed this on the SBS server and used OWA on a PC to check it was working properly.

As the certificate root (Equifax Secure Global eBusiness CA-1) was not already on the phone, I had to download this from their site and install it manually.

But still the certificate is not trusted.

I've read dozens of articles on here, on Nokia's site, on DataVIz's site and on other forums...but nothing seems to work.  I've contacted RapidSSL - their solution is for me to buy a more expensive certificate from them which uses the root Equifax Secure Certificate Authority - which is already pre-installed on the phone.  But I want to avoid that if I can - plus there's no guarantee this will work anyway.

Of course, I can just choose to continue when I get the warning message on the phone - but I have to do this each time it connects to the server.

Any ideas?  Driving me nuts.

Open in new window

0
Comment
Question by:devon-lad
  • 3
  • 3
8 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 20381178
Have you tried browsing to the site and installing the certificate directly from there?
0
 
LVL 16

Expert Comment

by:btassure
ID: 20381221
By that I mean you need to put the certificate file in a browsable folder on the website, make directory indexing allowed and the download it directly.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381224
Yes, I have.

Certificate installs successfully, but still gives untrusted warning.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 16

Expert Comment

by:btassure
ID: 20381282
Have you tried copying to the phone directly and installing it from there? Say by memory card? or bluetooth? I had this issue setting up mailforexchange myself but it was way back in march and I can't remember exactly what I did!
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381297
Yes, have installed it through USB as well - no difference.

The thing is, however I install it, it shows up correctly in the certificate store - but the phone still thinks it's untrusted.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 20401397
I have a solution.

There are many articles that advise the use of the OpenSSL tool for problems with certificate installation.  But I never had a problem with the installation process itself...certificate always installed without errors whether I downloaded it directly from the server or copied via USB...so I never tried OpenSSL.

However, I decided to give it a go...and it worked!

Complete process is as follows:

- download root certificate.  For RapidSSL, this is the Equifax Secure Global eBusiness CA-1, available at http://www.geotrust.com/resources/root_certificates/index.asp
- use OpenSSL (http://www.openssl.org/) to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to a directory on the website
- set the directory MIME type to application/x-x509-ca-cert for .der extension
- browse to the file using the E61 built in web browser, the certificate will install automatically

0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437788
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now