Solved

Certificate problem Can't browse https  (SSL) sites

Posted on 2008-10-04
13
1,105 Views
Last Modified: 2013-12-05
Hi,
I have a TREO 750 and I can't browse two of our Exchange OWA web site. There an certificate error. The error said that the certificate have the good name and date but we don't trust certificate. I nstalled the root certificates on the treo. and they appear in the root store but still have the error.

I can browse this site (and also synchronise) with auther phone HTC 6800 with Windows mobile 6.0 on who I installed the same root certificates. We also can browse those ssl site from any XP pc.

I tried many thing (re-installl the certificate, Reboot the Treo take off batteries)
I would like to upgrade the os to Windows mobile 6.0 but ISP block that. Anyway the user of the is french and version 6 is english only for now.

Any help will be appreciate.

Regards

Patrice
0
Comment
Question by:valiquettep
  • 7
  • 5
13 Comments
 
LVL 50

Accepted Solution

by:
Steve Bink earned 250 total points
ID: 22641913
Is there no option to permanently accept the certificate as trusted (such as Firefox's "permanent exception" option)?  Otherwise, you have to find the root certificate the suspect cert is using, and install it.

Have you tried rebooting the device after installation?
0
 

Author Comment

by:valiquettep
ID: 22641943
Yes I went on Comodo site (The two OWA site I can reach are secure with comodo ssl  certificate.) And I dowloaded the root certificate and intalet it on root store on the device (Treo 750 wx) and rebooted it.
Here is our OWA sites:
https://courrier.mrclaurentides.qc.ca
https://courrier.cslaurentides.qc.ca


Regards

Patrice

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22642085
for windows mobile, you need to export a pk7 or pki type cert from the server and use it for import on the mobile device.  

0
 

Author Comment

by:valiquettep
ID: 22642120
Our 2 OWA sites are publish with ISA 2004 std. Is that mean I have to export the certificates (pk7) we in the web_listener we use to publish the owa site
?

Does I need to export private key too ?

In witch certificate store I should intalled it on the Treo WM5.0 ? (there only 2 stores on this OS Personal and root there is no intermediate store like WM 6.0)

Regards.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22647315
I don't understand the first part of the question.  

You shouldn't send out the private key.  That key can be used to spoof your site.

I'm not positive what store to save it in, I would think the OS personal.

0
 

Author Comment

by:valiquettep
ID: 22647751
Sorry, I realyse I wasn't clear and made some mistake on my explanation or comment. I should says that we have two Outlook web acces site we try to go with Internet Explorer On the Treo 700wx. The OS is Windows mobile 5.2.

Those 2 OWA site belong to 2 differents organizasion. They are boot protected with public InstantSSL certificates (COMODO) I installed the COMODO root certificates on the TREO 700wx. The certificates are intalled in the TREO Root certificate store. I still get an certificate error when I try to reach one of those 2 web sites.

Thought we did the same thing on a device HTC with Windows mobile 6 (installed the COMODO root certificates) And now we cant browse the 2 web site (OWA) without any certificate alert. Just like with any other pc.
Web site are:
https://courrier.cslaurentides.qc.ca (we have no administration control of this web site)
https://courrier.mrclaurentides.qc.ca (we publish this web site ourself over an ISA 2004 server std.)

Both of you, thanks for the suggestions.  I'm not at work at present, but will try this out this week.
Pat



0
Why won’t your email signature format correctly?

Struggling to get your corporate email signatures to format correctly? Does the logo keep resizing? Is the text appearing too big? What can you do to prevent this? Find out how you can save your signatures today.

 
LVL 9

Assisted Solution

by:chingmd
chingmd earned 250 total points
ID: 22650226
OK, thank you for the clarification, This is what I think you need.   The public certificate installed on the devices.  You basically want to trust the certificate itself, but specifically the issuer.

Here are the exported public certificates of the devices.  


publiccerts.zip
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22650233
Oops.  You'll need to remove the .TXT extentions on the files.  The uploader didn't like the file ending in .ca

0
 

Author Comment

by:valiquettep
ID: 22655729
Thank you very much,
Once the 2 files (courrier.cslaurentides.qc.ca and MRCDESLAURENTIDES ) will being transfert to the device,  how I will instaled its ?  I will have access to the TREO only next  Wednesday (8).
Pat
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22661404
Send it through email to another account that is configured on the phone.

Or you can try use the installer tool that with the desktop tool?  It may be called active sync.. or palm desktop.
0
 

Author Comment

by:valiquettep
ID: 22695253
Hi,
I have beed delayed to get the phone on October 15th. I willthen try your suggegstion and then back with feedback.
Thank you.
Regards.
Pat
0
 

Author Comment

by:valiquettep
ID: 22731361
Hi,
I found the problem yesterday. I had installed the root certificates of the issuer but the ssl site protected with certificate from this issuer still doing a warning. I tried to delete and reinstall the root cert of the issuer and I had same result.
So I download an application called Certman. I use it to delete the root cert from the issuer.
I exported (in the format X.509 binary codage ER (.cer)) again the root certificate of the issuer (COMODO)  from an XP machine where web site protected with comodo certificate work..
I reinstalled on the Treo device and it began to work fine.
Thank you very much to all of you.
So the nearest solution was from chingmd and I will attribute points for that.
Pat
0
 

Author Closing Comment

by:valiquettep
ID: 31503076
Thank you very much
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
How to record audio from input sources to your PC – connected devices, connected preamp to record vinyl discs, streaming media, that play through your audio card: Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10 – both 32 bit & 64.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now