Solved

Certificate problem Can't browse https  (SSL) sites

Posted on 2008-10-04
13
1,121 Views
Last Modified: 2013-12-05
Hi,
I have a TREO 750 and I can't browse two of our Exchange OWA web site. There an certificate error. The error said that the certificate have the good name and date but we don't trust certificate. I nstalled the root certificates on the treo. and they appear in the root store but still have the error.

I can browse this site (and also synchronise) with auther phone HTC 6800 with Windows mobile 6.0 on who I installed the same root certificates. We also can browse those ssl site from any XP pc.

I tried many thing (re-installl the certificate, Reboot the Treo take off batteries)
I would like to upgrade the os to Windows mobile 6.0 but ISP block that. Anyway the user of the is french and version 6 is english only for now.

Any help will be appreciate.

Regards

Patrice
0
Comment
Question by:valiquettep
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
13 Comments
 
LVL 51

Accepted Solution

by:
Steve Bink earned 250 total points
ID: 22641913
Is there no option to permanently accept the certificate as trusted (such as Firefox's "permanent exception" option)?  Otherwise, you have to find the root certificate the suspect cert is using, and install it.

Have you tried rebooting the device after installation?
0
 

Author Comment

by:valiquettep
ID: 22641943
Yes I went on Comodo site (The two OWA site I can reach are secure with comodo ssl  certificate.) And I dowloaded the root certificate and intalet it on root store on the device (Treo 750 wx) and rebooted it.
Here is our OWA sites:
https://courrier.mrclaurentides.qc.ca
https://courrier.cslaurentides.qc.ca


Regards

Patrice

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22642085
for windows mobile, you need to export a pk7 or pki type cert from the server and use it for import on the mobile device.  

0
Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

 

Author Comment

by:valiquettep
ID: 22642120
Our 2 OWA sites are publish with ISA 2004 std. Is that mean I have to export the certificates (pk7) we in the web_listener we use to publish the owa site
?

Does I need to export private key too ?

In witch certificate store I should intalled it on the Treo WM5.0 ? (there only 2 stores on this OS Personal and root there is no intermediate store like WM 6.0)

Regards.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22647315
I don't understand the first part of the question.  

You shouldn't send out the private key.  That key can be used to spoof your site.

I'm not positive what store to save it in, I would think the OS personal.

0
 

Author Comment

by:valiquettep
ID: 22647751
Sorry, I realyse I wasn't clear and made some mistake on my explanation or comment. I should says that we have two Outlook web acces site we try to go with Internet Explorer On the Treo 700wx. The OS is Windows mobile 5.2.

Those 2 OWA site belong to 2 differents organizasion. They are boot protected with public InstantSSL certificates (COMODO) I installed the COMODO root certificates on the TREO 700wx. The certificates are intalled in the TREO Root certificate store. I still get an certificate error when I try to reach one of those 2 web sites.

Thought we did the same thing on a device HTC with Windows mobile 6 (installed the COMODO root certificates) And now we cant browse the 2 web site (OWA) without any certificate alert. Just like with any other pc.
Web site are:
https://courrier.cslaurentides.qc.ca (we have no administration control of this web site)
https://courrier.mrclaurentides.qc.ca (we publish this web site ourself over an ISA 2004 server std.)

Both of you, thanks for the suggestions.  I'm not at work at present, but will try this out this week.
Pat



0
 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 250 total points
ID: 22650226
OK, thank you for the clarification, This is what I think you need.   The public certificate installed on the devices.  You basically want to trust the certificate itself, but specifically the issuer.

Here are the exported public certificates of the devices.  


publiccerts.zip
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22650233
Oops.  You'll need to remove the .TXT extentions on the files.  The uploader didn't like the file ending in .ca

0
 

Author Comment

by:valiquettep
ID: 22655729
Thank you very much,
Once the 2 files (courrier.cslaurentides.qc.ca and MRCDESLAURENTIDES ) will being transfert to the device,  how I will instaled its ?  I will have access to the TREO only next  Wednesday (8).
Pat
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22661404
Send it through email to another account that is configured on the phone.

Or you can try use the installer tool that with the desktop tool?  It may be called active sync.. or palm desktop.
0
 

Author Comment

by:valiquettep
ID: 22695253
Hi,
I have beed delayed to get the phone on October 15th. I willthen try your suggegstion and then back with feedback.
Thank you.
Regards.
Pat
0
 

Author Comment

by:valiquettep
ID: 22731361
Hi,
I found the problem yesterday. I had installed the root certificates of the issuer but the ssl site protected with certificate from this issuer still doing a warning. I tried to delete and reinstall the root cert of the issuer and I had same result.
So I download an application called Certman. I use it to delete the root cert from the issuer.
I exported (in the format X.509 binary codage ER (.cer)) again the root certificate of the issuer (COMODO)  from an XP machine where web site protected with comodo certificate work..
I reinstalled on the Treo device and it began to work fine.
Thank you very much to all of you.
So the nearest solution was from chingmd and I will attribute points for that.
Pat
0
 

Author Closing Comment

by:valiquettep
ID: 31503076
Thank you very much
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question