The ActiveSync works just fine in E61, only one problem it keeps asking to accept my server certificate. I use SBS 2003 server that create its own certificate. Anyone know how to import a server certificate to E61 ?
Import server certificate to E61
sunlie wrote:The ActiveSync works just fine in E61, only one problem it keeps asking to accept my server certificate. I use SBS 2003 server that create its own certificate. Anyone know how to import a server certificate to E61 ?
Hi, what you have to do is the following:
1) Get a .CER (the certificate) file from your administrator and save it to your hard drive somewhere
2) Using PCSuite, copy that .CER file to your phone in any folder really. Documents will work
3) Using FileManager on your phone, navigate to the file, and you should be able to "open" it, and then it will say do you want to import it.
Tx
P
phazlehurst wrote:Hi, what you have to do is the following:1) Get a .CER (the certificate) file from your administrator and save it to your hard drive somewhere
2) Using PCSuite, copy that .CER file to your phone in any folder really. Documents will work
3) Using FileManager on your phone, navigate to the file, and you should be able to "open" it, and then it will say do you want to import it.Tx
P
Thanks, try that, when I open it, nothing happen, no question ask wheter I would like to import it or not. Any other suggestion anyone ? :con?
Check the format;
Try sending a X.509v3 format cert file to the phone over Bluetooth and then open the received message, or download it from a web or WAP page (assuming the server has been configured to send the correct MIME type, application/x-x509-ca-cert).
Rafe wrote:Check the format;Try sending a X.509v3 format cert file to the phone over Bluetooth and then open the received message, or download it from a web or WAP page (assuming the server has been configured to send the correct MIME type, application/x-x509-ca-cert).
Try to send it with Bluetooth, nothing happen when I open it, just a blink on the screen. Try to put the certificate in a webpage and set the correct MIME, but the phone open it as a text file. Still no luck here...:frown:
I had the same problem. Make sure the certificate is in the DER format, not base64. The Exchange server can export the format for you by going to http://exchangeserveraddress/certsrv/. Copy the cert to your phone with bluetooth or whatever and then open it. It will ask you if you want to install it. After, you won't be prompted.
Hope this helps.
shidongting wrote:I had the same problem. Make sure the certificate is in the DER format, not base64. The Exchange server can export the format for you by going to http://exchangeserveraddress/certsrv/. Copy the cert to your phone with bluetooth or whatever and then open it. It will ask you if you want to install it. After, you won't be prompted.Hope this helps.
Thanks, but since I use SBS 2003 I dont have the certsrv installed. Still no luck. Wouldn't it be nice if some one came up with an application to import certificate...
I understand that you cna use openssl to convert certificates. I don't the details, but perhaps you could to a Google for this?
Finally... I can make the E61 to install my certificate, thanks Rafe for the OpenSSL tips. It turns out that the E61 can't accept the server exported certificate "as is", you have to convert the .cer certificate exported by SBS 2003 to .pem then converted it again to .der using OpenSSL, put the newly converted .der certificate in your web server root and access it with E61 default browser. Now my E61 happily activesync every 1 hour.
Hey There,
I am running into alot of problems getting a certif on my E61, could some one please help me set it up using openssl. i have no idea where to start
Bluemonkey, you aren't the only one. We ordered 5 of these phones with plans to scale to over 100 for our enterprise, and what a disaster. I have had more trouble getting the stupid cert to work on this device, it's a nightmare.
I've tried everything - I'm hoping someone would be kind enough to grab our cert from me and help me make it work. Please.... ?
Bluemonkey, vdhd, I'll try to help you guys if I could, kindly provide me with the URL of your secure website see if I can convert the certificate.
I will take you up on that - thankyou!
So can any1 shed any light on how to import server root certs then? We have a self-signed root cert on our Windows 2003 server where Exchange is installed. I access the site, double click the secure lock icon and copy the cert to my desktop as a DER formatted cert. I then proceed to copy the .cer cert over to my E61 but it wont open it saying unknown format. I copy the same cert to my N70 and it installs fine.
I've used OpenSSL to copy to and from PEM to DER format - still no joy. Could it be that there is something wrong with self certified root certs created using Windows Certification Server?
I am having the same problem with a P990i. I can install the certificate but they are held in the user store not in the CA store. When I sync I have to ok the certificate each time. If anyone has a solution then please post it here. I have tried using OpenSSL to convert the .cer file but it doesn't seem to make a difference.
matt_storr wrote:So can any1 shed any light on how to import server root certs then? We have a self-signed root cert on our Windows 2003 server where Exchange is installed. I access the site, double click the secure lock icon and copy the cert to my desktop as a DER formatted cert. I then proceed to copy the .cer cert over to my E61 but it wont open it saying unknown format. I copy the same cert to my N70 and it installs fine.I've used OpenSSL to copy to and from PEM to DER format - still no joy. Could it be that there is something wrong with self certified root certs created using Windows Certification Server?
matt_storr, have you try putting the OpenSSL converted certificate to your website root directory and access it using the E61 built in web browser ? In my case this is the only way I can install the certificate.
Sunlie, could you post the conversion process step by step please? Just so there's a record of how it's done. Thank you.
karlossus, here's how I do it :
- export the .cer certificate
- use OpenSSL to convert the certificate to .pem, using the command : openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der cetificate to the website root directory (recommended) or copy it to a newly created directory
- set the directory MIME types to application/x-x509-ca-cert for .der extension
- browse the file using the E61 built in web browser, the certificate will install automatically
From all possible ways, this is the only way I can get the certificate installed on my E61, hope it's helpfull.
Thanks Sunlie, those are great instructions. However it still hasn't worked for me. As always the certificate appears in the User folder of the certificate manager and not in the CA folder. Then Activesync still always asks if I trust the Exchange server (I do I do).
There must be a bug somewhere which isn't allowing me to trust the certificate properly.
It's a P990i I am trying to set up though both it and the E61 are the same version of symbian.
Thanks for your help again Sunlie.
Sorry for the thread archaeology, but a thought occurs to me having spent a long day playing with this myself.
What are the subjects of these failed certificates? Mine appears to be listing the internal domain (.local) rather than the domain the device thinks its connecting to (.com)
If I could figure out how to recreate the certificate for the external domain I'd test the theory but I don't know how to do that just yet...
Any thoughts?
Sunlie-
This is the only place on the web where I've found proper directions to get this installed. I have an e62, and I've tried copying, sending, emailing the .der certificate without luck. It will not recognize the file format.
The only option was to publish or copy this to a directory on your exchange server website, with the proper MIME type added for the .der file type.
Thank you!!
Karlossus, I have the same problem you have. The certificate appears in the 'user' folder, not the 'CA' folder. Did you find a solution yet?
Thanks,
Bjorn
bjornhij wrote:Karlossus, I have the same problem you have. The certificate appears in the 'user' folder, not the 'CA' folder. Did you find a solution yet?
Are you sure you're importing the CA's (Certificate Authority's) certificate and not the server's certificate?
Hello,
I've seen your comments in the forum and after following forum's indication was able to install the certificate to my N80 (S60 3rd ed) but it continues to ask for confirmation whenever I access the webpage.
Any ideas?
Thanks,
NOTE: I can find ther certificate in my N80 Certificate folder...
Joao Ventura
You will have to forgive me if my terminology is a little off, I am not fully conversant with all this.
I recently had to get an E61 working with an Exchange email server and hit the request to accept the certificate problem when it synchronised. I tried many of the above suggestions to no avail. I have fixed it though, and learnt a few things along the way.
What I didn't realise is that there are 2 certificates involved in the process. The 1st is what I will call the "root certificate" created on my Windows 2003 server, it has a 5 year life span. The 2nd is what I will call the "client certificate". The client certificate is a child, for want of a better word, of the root one.
I found that the only certificate I could install on the E61, by copying the .cer file across with no conversion necessary, was the root certificate. All others were rejected. Installing this made no difference to the acceptance request when syncing. The syncing, or web-browsing process, calls the client certificate and it not seen as trusted, hence the prompt.
The fix I found was to tell the E61 to trust my root certificate. Here's how:
Menu - Settings - Security - Certif. management
Find your root certificate (xyzCA in my case) in the list. Options - Trust settings. Set "Internet" and "Online certif. check" to Yes.
Hopefully now when you sync the client certificate will be trusted, because the root one is seen as a trusted source.
@pelwell
Where did you copy your .cer file to on your E61
/agerbo
I just copied the file across, via USB, to the Documents folder, though any folder will do.
The process is simple, and i just got my email client to work with my imap server.
Just send the .cer file to the phone, and open Certificate Manager in Tools. Then, add this .cer file. Once you added, select it, and hit View Details, and then Trust Settings. MAKE SURE email and web browsing is set to 'yes'. This will allow your email clients to trust the corresponding imap server and stop asking you repeatedly about accepting certificates!
Hi all. I've been trying to get exchange server to work with my E62, and its been a struggle. Although i'm a bit over my head here, i'm trying to learn and have found the forum helpful.
So here's where I am:
Have 2 certificates from my admin (who says on my own since not a windows device) ROOT Certificate.cer and EXPORTED owa.hedhifi.com SSLcertificate.cer that I have transferred to phone via USB into a cert file i created.
As far as i can tell, there isn't a way to add the files using certificate manager. The manager only shows the files that exist on the phone, and won't allow me to browse to the new ones.
The phone just keeps saying "can't open file" or "unknown file type" so it won't allow me to take any action.
I could try to download the file directly as some in the forum have suggested, but others say it works fine to manually transfer.
Does anyone have any suggestions? Any help would be appreciated, I really need to get this figured out...
Cheers.
Can anyone help me out with this? I haven't been able to make any progress, and can't find information elsewhere...
Thanks.