• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1168
  • Last Modified:

Certificate problem Can't browse https (SSL) sites

Hi,
I have a TREO 750 and I can't browse two of our Exchange OWA web site. There an certificate error. The error said that the certificate have the good name and date but we don't trust certificate. I nstalled the root certificates on the treo. and they appear in the root store but still have the error.

I can browse this site (and also synchronise) with auther phone HTC 6800 with Windows mobile 6.0 on who I installed the same root certificates. We also can browse those ssl site from any XP pc.

I tried many thing (re-installl the certificate, Reboot the Treo take off batteries)
I would like to upgrade the os to Windows mobile 6.0 but ISP block that. Anyway the user of the is french and version 6 is english only for now.

Any help will be appreciate.

Regards

Patrice
0
valiquettep
Asked:
valiquettep
  • 7
  • 5
2 Solutions
 
Steve BinkCommented:
Is there no option to permanently accept the certificate as trusted (such as Firefox's "permanent exception" option)?  Otherwise, you have to find the root certificate the suspect cert is using, and install it.

Have you tried rebooting the device after installation?
0
 
valiquettepAuthor Commented:
Yes I went on Comodo site (The two OWA site I can reach are secure with comodo ssl  certificate.) And I dowloaded the root certificate and intalet it on root store on the device (Treo 750 wx) and rebooted it.
Here is our OWA sites:
https://courrier.mrclaurentides.qc.ca
https://courrier.cslaurentides.qc.ca


Regards

Patrice

0
 
chingmdCommented:
for windows mobile, you need to export a pk7 or pki type cert from the server and use it for import on the mobile device.  

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
valiquettepAuthor Commented:
Our 2 OWA sites are publish with ISA 2004 std. Is that mean I have to export the certificates (pk7) we in the web_listener we use to publish the owa site
?

Does I need to export private key too ?

In witch certificate store I should intalled it on the Treo WM5.0 ? (there only 2 stores on this OS Personal and root there is no intermediate store like WM 6.0)

Regards.
0
 
chingmdCommented:
I don't understand the first part of the question.  

You shouldn't send out the private key.  That key can be used to spoof your site.

I'm not positive what store to save it in, I would think the OS personal.

0
 
valiquettepAuthor Commented:
Sorry, I realyse I wasn't clear and made some mistake on my explanation or comment. I should says that we have two Outlook web acces site we try to go with Internet Explorer On the Treo 700wx. The OS is Windows mobile 5.2.

Those 2 OWA site belong to 2 differents organizasion. They are boot protected with public InstantSSL certificates (COMODO) I installed the COMODO root certificates on the TREO 700wx. The certificates are intalled in the TREO Root certificate store. I still get an certificate error when I try to reach one of those 2 web sites.

Thought we did the same thing on a device HTC with Windows mobile 6 (installed the COMODO root certificates) And now we cant browse the 2 web site (OWA) without any certificate alert. Just like with any other pc.
Web site are:
https://courrier.cslaurentides.qc.ca (we have no administration control of this web site)
https://courrier.mrclaurentides.qc.ca (we publish this web site ourself over an ISA 2004 server std.)

Both of you, thanks for the suggestions.  I'm not at work at present, but will try this out this week.
Pat



0
 
chingmdCommented:
OK, thank you for the clarification, This is what I think you need.   The public certificate installed on the devices.  You basically want to trust the certificate itself, but specifically the issuer.

Here are the exported public certificates of the devices.  


publiccerts.zip
0
 
chingmdCommented:
Oops.  You'll need to remove the .TXT extentions on the files.  The uploader didn't like the file ending in .ca

0
 
valiquettepAuthor Commented:
Thank you very much,
Once the 2 files (courrier.cslaurentides.qc.ca and MRCDESLAURENTIDES ) will being transfert to the device,  how I will instaled its ?  I will have access to the TREO only next  Wednesday (8).
Pat
0
 
chingmdCommented:
Send it through email to another account that is configured on the phone.

Or you can try use the installer tool that with the desktop tool?  It may be called active sync.. or palm desktop.
0
 
valiquettepAuthor Commented:
Hi,
I have beed delayed to get the phone on October 15th. I willthen try your suggegstion and then back with feedback.
Thank you.
Regards.
Pat
0
 
valiquettepAuthor Commented:
Hi,
I found the problem yesterday. I had installed the root certificates of the issuer but the ssl site protected with certificate from this issuer still doing a warning. I tried to delete and reinstall the root cert of the issuer and I had same result.
So I download an application called Certman. I use it to delete the root cert from the issuer.
I exported (in the format X.509 binary codage ER (.cer)) again the root certificate of the issuer (COMODO)  from an XP machine where web site protected with comodo certificate work..
I reinstalled on the Treo device and it began to work fine.
Thank you very much to all of you.
So the nearest solution was from chingmd and I will attribute points for that.
Pat
0
 
valiquettepAuthor Commented:
Thank you very much
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now