Solved

Nokia E61 does not trust certificate from public CA even though CA root is installed

Posted on 2007-11-30
8
3,778 Views
Last Modified: 2012-06-21
I've got a Nokia E61 that I want to use to pickup email etc. from Exchange on our SBS server, but I'm having problems getting the phone to trust the site certificate.

I'm using the RoadSync application from DataViz, but have the same issues if I use Mail for Exchange or just try to go to OWA through the E61's browser.

Initially I had tried using the certificate generated by SBS itself.  I'd exported the root certificate, installed it successfully on the phone and checked the appropriate trust boxes.  But I just couldn't get it to trust the site certificate.

So, to avoid wasting any more time on this, I bought an SSL certificate from RapidSSL.  I installed this on the SBS server and used OWA on a PC to check it was working properly.

As the certificate root (Equifax Secure Global eBusiness CA-1) was not already on the phone, I had to download this from their site and install it manually.

But still the certificate is not trusted.

I've read dozens of articles on here, on Nokia's site, on DataVIz's site and on other forums...but nothing seems to work.  I've contacted RapidSSL - their solution is for me to buy a more expensive certificate from them which uses the root Equifax Secure Certificate Authority - which is already pre-installed on the phone.  But I want to avoid that if I can - plus there's no guarantee this will work anyway.

Of course, I can just choose to continue when I get the warning message on the phone - but I have to do this each time it connects to the server.

Any ideas?  Driving me nuts.

Open in new window

0
Comment
Question by:devon-lad
  • 3
  • 3
8 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 20381178
Have you tried browsing to the site and installing the certificate directly from there?
0
 
LVL 16

Expert Comment

by:btassure
ID: 20381221
By that I mean you need to put the certificate file in a browsable folder on the website, make directory indexing allowed and the download it directly.
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381224
Yes, I have.

Certificate installs successfully, but still gives untrusted warning.
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 16

Expert Comment

by:btassure
ID: 20381282
Have you tried copying to the phone directly and installing it from there? Say by memory card? or bluetooth? I had this issue setting up mailforexchange myself but it was way back in march and I can't remember exactly what I did!
0
 
LVL 1

Author Comment

by:devon-lad
ID: 20381297
Yes, have installed it through USB as well - no difference.

The thing is, however I install it, it shows up correctly in the certificate store - but the phone still thinks it's untrusted.
0
 
LVL 1

Accepted Solution

by:
devon-lad earned 0 total points
ID: 20401397
I have a solution.

There are many articles that advise the use of the OpenSSL tool for problems with certificate installation.  But I never had a problem with the installation process itself...certificate always installed without errors whether I downloaded it directly from the server or copied via USB...so I never tried OpenSSL.

However, I decided to give it a go...and it worked!

Complete process is as follows:

- download root certificate.  For RapidSSL, this is the Equifax Secure Global eBusiness CA-1, available at http://www.geotrust.com/resources/root_certificates/index.asp
- use OpenSSL (http://www.openssl.org/) to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to a directory on the website
- set the directory MIME type to application/x-x509-ca-cert for .der extension
- browse to the file using the E61 built in web browser, the certificate will install automatically

0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20437788
Closed, 500 points refunded.
modus_operandi
EE Moderator
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Not sure what the best email signature size is? Are you worried about email signature image size? Follow this best practice guide.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now