Solved

Certificate problem Can't browse https  (SSL) sites

Posted on 2008-10-04
13
1,100 Views
Last Modified: 2013-12-05
Hi,
I have a TREO 750 and I can't browse two of our Exchange OWA web site. There an certificate error. The error said that the certificate have the good name and date but we don't trust certificate. I nstalled the root certificates on the treo. and they appear in the root store but still have the error.

I can browse this site (and also synchronise) with auther phone HTC 6800 with Windows mobile 6.0 on who I installed the same root certificates. We also can browse those ssl site from any XP pc.

I tried many thing (re-installl the certificate, Reboot the Treo take off batteries)
I would like to upgrade the os to Windows mobile 6.0 but ISP block that. Anyway the user of the is french and version 6 is english only for now.

Any help will be appreciate.

Regards

Patrice
0
Comment
Question by:valiquettep
  • 7
  • 5
13 Comments
 
LVL 50

Accepted Solution

by:
Steve Bink earned 250 total points
Comment Utility
Is there no option to permanently accept the certificate as trusted (such as Firefox's "permanent exception" option)?  Otherwise, you have to find the root certificate the suspect cert is using, and install it.

Have you tried rebooting the device after installation?
0
 

Author Comment

by:valiquettep
Comment Utility
Yes I went on Comodo site (The two OWA site I can reach are secure with comodo ssl  certificate.) And I dowloaded the root certificate and intalet it on root store on the device (Treo 750 wx) and rebooted it.
Here is our OWA sites:
https://courrier.mrclaurentides.qc.ca
https://courrier.cslaurentides.qc.ca


Regards

Patrice

0
 
LVL 9

Expert Comment

by:chingmd
Comment Utility
for windows mobile, you need to export a pk7 or pki type cert from the server and use it for import on the mobile device.  

0
 

Author Comment

by:valiquettep
Comment Utility
Our 2 OWA sites are publish with ISA 2004 std. Is that mean I have to export the certificates (pk7) we in the web_listener we use to publish the owa site
?

Does I need to export private key too ?

In witch certificate store I should intalled it on the Treo WM5.0 ? (there only 2 stores on this OS Personal and root there is no intermediate store like WM 6.0)

Regards.
0
 
LVL 9

Expert Comment

by:chingmd
Comment Utility
I don't understand the first part of the question.  

You shouldn't send out the private key.  That key can be used to spoof your site.

I'm not positive what store to save it in, I would think the OS personal.

0
 

Author Comment

by:valiquettep
Comment Utility
Sorry, I realyse I wasn't clear and made some mistake on my explanation or comment. I should says that we have two Outlook web acces site we try to go with Internet Explorer On the Treo 700wx. The OS is Windows mobile 5.2.

Those 2 OWA site belong to 2 differents organizasion. They are boot protected with public InstantSSL certificates (COMODO) I installed the COMODO root certificates on the TREO 700wx. The certificates are intalled in the TREO Root certificate store. I still get an certificate error when I try to reach one of those 2 web sites.

Thought we did the same thing on a device HTC with Windows mobile 6 (installed the COMODO root certificates) And now we cant browse the 2 web site (OWA) without any certificate alert. Just like with any other pc.
Web site are:
https://courrier.cslaurentides.qc.ca (we have no administration control of this web site)
https://courrier.mrclaurentides.qc.ca (we publish this web site ourself over an ISA 2004 server std.)

Both of you, thanks for the suggestions.  I'm not at work at present, but will try this out this week.
Pat



0
Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 250 total points
Comment Utility
OK, thank you for the clarification, This is what I think you need.   The public certificate installed on the devices.  You basically want to trust the certificate itself, but specifically the issuer.

Here are the exported public certificates of the devices.  


publiccerts.zip
0
 
LVL 9

Expert Comment

by:chingmd
Comment Utility
Oops.  You'll need to remove the .TXT extentions on the files.  The uploader didn't like the file ending in .ca

0
 

Author Comment

by:valiquettep
Comment Utility
Thank you very much,
Once the 2 files (courrier.cslaurentides.qc.ca and MRCDESLAURENTIDES ) will being transfert to the device,  how I will instaled its ?  I will have access to the TREO only next  Wednesday (8).
Pat
0
 
LVL 9

Expert Comment

by:chingmd
Comment Utility
Send it through email to another account that is configured on the phone.

Or you can try use the installer tool that with the desktop tool?  It may be called active sync.. or palm desktop.
0
 

Author Comment

by:valiquettep
Comment Utility
Hi,
I have beed delayed to get the phone on October 15th. I willthen try your suggegstion and then back with feedback.
Thank you.
Regards.
Pat
0
 

Author Comment

by:valiquettep
Comment Utility
Hi,
I found the problem yesterday. I had installed the root certificates of the issuer but the ssl site protected with certificate from this issuer still doing a warning. I tried to delete and reinstall the root cert of the issuer and I had same result.
So I download an application called Certman. I use it to delete the root cert from the issuer.
I exported (in the format X.509 binary codage ER (.cer)) again the root certificate of the issuer (COMODO)  from an XP machine where web site protected with comodo certificate work..
I reinstalled on the Treo device and it began to work fine.
Thank you very much to all of you.
So the nearest solution was from chingmd and I will attribute points for that.
Pat
0
 

Author Closing Comment

by:valiquettep
Comment Utility
Thank you very much
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now