?
Solved

Certificate problem Can't browse https  (SSL) sites

Posted on 2008-10-04
13
Medium Priority
?
1,131 Views
Last Modified: 2013-12-05
Hi,
I have a TREO 750 and I can't browse two of our Exchange OWA web site. There an certificate error. The error said that the certificate have the good name and date but we don't trust certificate. I nstalled the root certificates on the treo. and they appear in the root store but still have the error.

I can browse this site (and also synchronise) with auther phone HTC 6800 with Windows mobile 6.0 on who I installed the same root certificates. We also can browse those ssl site from any XP pc.

I tried many thing (re-installl the certificate, Reboot the Treo take off batteries)
I would like to upgrade the os to Windows mobile 6.0 but ISP block that. Anyway the user of the is french and version 6 is english only for now.

Any help will be appreciate.

Regards

Patrice
0
Comment
Question by:valiquettep
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
13 Comments
 
LVL 51

Accepted Solution

by:
Steve Bink earned 750 total points
ID: 22641913
Is there no option to permanently accept the certificate as trusted (such as Firefox's "permanent exception" option)?  Otherwise, you have to find the root certificate the suspect cert is using, and install it.

Have you tried rebooting the device after installation?
0
 

Author Comment

by:valiquettep
ID: 22641943
Yes I went on Comodo site (The two OWA site I can reach are secure with comodo ssl  certificate.) And I dowloaded the root certificate and intalet it on root store on the device (Treo 750 wx) and rebooted it.
Here is our OWA sites:
https://courrier.mrclaurentides.qc.ca
https://courrier.cslaurentides.qc.ca


Regards

Patrice

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22642085
for windows mobile, you need to export a pk7 or pki type cert from the server and use it for import on the mobile device.  

0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 

Author Comment

by:valiquettep
ID: 22642120
Our 2 OWA sites are publish with ISA 2004 std. Is that mean I have to export the certificates (pk7) we in the web_listener we use to publish the owa site
?

Does I need to export private key too ?

In witch certificate store I should intalled it on the Treo WM5.0 ? (there only 2 stores on this OS Personal and root there is no intermediate store like WM 6.0)

Regards.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22647315
I don't understand the first part of the question.  

You shouldn't send out the private key.  That key can be used to spoof your site.

I'm not positive what store to save it in, I would think the OS personal.

0
 

Author Comment

by:valiquettep
ID: 22647751
Sorry, I realyse I wasn't clear and made some mistake on my explanation or comment. I should says that we have two Outlook web acces site we try to go with Internet Explorer On the Treo 700wx. The OS is Windows mobile 5.2.

Those 2 OWA site belong to 2 differents organizasion. They are boot protected with public InstantSSL certificates (COMODO) I installed the COMODO root certificates on the TREO 700wx. The certificates are intalled in the TREO Root certificate store. I still get an certificate error when I try to reach one of those 2 web sites.

Thought we did the same thing on a device HTC with Windows mobile 6 (installed the COMODO root certificates) And now we cant browse the 2 web site (OWA) without any certificate alert. Just like with any other pc.
Web site are:
https://courrier.cslaurentides.qc.ca (we have no administration control of this web site)
https://courrier.mrclaurentides.qc.ca (we publish this web site ourself over an ISA 2004 server std.)

Both of you, thanks for the suggestions.  I'm not at work at present, but will try this out this week.
Pat



0
 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 750 total points
ID: 22650226
OK, thank you for the clarification, This is what I think you need.   The public certificate installed on the devices.  You basically want to trust the certificate itself, but specifically the issuer.

Here are the exported public certificates of the devices.  


publiccerts.zip
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22650233
Oops.  You'll need to remove the .TXT extentions on the files.  The uploader didn't like the file ending in .ca

0
 

Author Comment

by:valiquettep
ID: 22655729
Thank you very much,
Once the 2 files (courrier.cslaurentides.qc.ca and MRCDESLAURENTIDES ) will being transfert to the device,  how I will instaled its ?  I will have access to the TREO only next  Wednesday (8).
Pat
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22661404
Send it through email to another account that is configured on the phone.

Or you can try use the installer tool that with the desktop tool?  It may be called active sync.. or palm desktop.
0
 

Author Comment

by:valiquettep
ID: 22695253
Hi,
I have beed delayed to get the phone on October 15th. I willthen try your suggegstion and then back with feedback.
Thank you.
Regards.
Pat
0
 

Author Comment

by:valiquettep
ID: 22731361
Hi,
I found the problem yesterday. I had installed the root certificates of the issuer but the ssl site protected with certificate from this issuer still doing a warning. I tried to delete and reinstall the root cert of the issuer and I had same result.
So I download an application called Certman. I use it to delete the root cert from the issuer.
I exported (in the format X.509 binary codage ER (.cer)) again the root certificate of the issuer (COMODO)  from an XP machine where web site protected with comodo certificate work..
I reinstalled on the Treo device and it began to work fine.
Thank you very much to all of you.
So the nearest solution was from chingmd and I will attribute points for that.
Pat
0
 

Author Closing Comment

by:valiquettep
ID: 31503076
Thank you very much
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
In this modest contribution, I want to share with the IT community (especially system administrators, IT Support Engineers and IT Help Desks) about Windows crashes/hangs and how to deal with these particular problems.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question