Nokia E61 does not trust certificate from public CA even though CA root is installed

I've got a Nokia E61 that I want to use to pickup email etc. from Exchange on our SBS server, but I'm having problems getting the phone to trust the site certificate.

I'm using the RoadSync application from DataViz, but have the same issues if I use Mail for Exchange or just try to go to OWA through the E61's browser.

Initially I had tried using the certificate generated by SBS itself.  I'd exported the root certificate, installed it successfully on the phone and checked the appropriate trust boxes.  But I just couldn't get it to trust the site certificate.

So, to avoid wasting any more time on this, I bought an SSL certificate from RapidSSL.  I installed this on the SBS server and used OWA on a PC to check it was working properly.

As the certificate root (Equifax Secure Global eBusiness CA-1) was not already on the phone, I had to download this from their site and install it manually.

But still the certificate is not trusted.

I've read dozens of articles on here, on Nokia's site, on DataVIz's site and on other forums...but nothing seems to work.  I've contacted RapidSSL - their solution is for me to buy a more expensive certificate from them which uses the root Equifax Secure Certificate Authority - which is already pre-installed on the phone.  But I want to avoid that if I can - plus there's no guarantee this will work anyway.

Of course, I can just choose to continue when I get the warning message on the phone - but I have to do this each time it connects to the server.

Any ideas?  Driving me nuts.

Open in new window

LVL 1
devon-ladAsked:
Who is Participating?
 
devon-ladConnect With a Mentor Author Commented:
I have a solution.

There are many articles that advise the use of the OpenSSL tool for problems with certificate installation.  But I never had a problem with the installation process itself...certificate always installed without errors whether I downloaded it directly from the server or copied via USB...so I never tried OpenSSL.

However, I decided to give it a go...and it worked!

Complete process is as follows:

- download root certificate.  For RapidSSL, this is the Equifax Secure Global eBusiness CA-1, available at http://www.geotrust.com/resources/root_certificates/index.asp
- use OpenSSL (http://www.openssl.org/) to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to a directory on the website
- set the directory MIME type to application/x-x509-ca-cert for .der extension
- browse to the file using the E61 built in web browser, the certificate will install automatically

0
 
btassureCommented:
Have you tried browsing to the site and installing the certificate directly from there?
0
 
btassureCommented:
By that I mean you need to put the certificate file in a browsable folder on the website, make directory indexing allowed and the download it directly.
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
devon-ladAuthor Commented:
Yes, I have.

Certificate installs successfully, but still gives untrusted warning.
0
 
btassureCommented:
Have you tried copying to the phone directly and installing it from there? Say by memory card? or bluetooth? I had this issue setting up mailforexchange myself but it was way back in march and I can't remember exactly what I did!
0
 
devon-ladAuthor Commented:
Yes, have installed it through USB as well - no difference.

The thing is, however I install it, it shows up correctly in the certificate store - but the phone still thinks it's untrusted.
0
 
modus_operandiCommented:
Closed, 500 points refunded.
modus_operandi
EE Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.