Import server certificate to E61

I have been having problems with this too and have managed at last to get it working with an SBS server. Here follows what I hope is the sequence that I used, but be aware that you try so many adjustments, there may be extra or less steps isnvolved.

I followed all the instructions on the net and was successful in installing the cert, but the prompt messages kept appearing.

We are using SBS server premium.
I saw this web page which refered to certsrv directory which did not exist on my server.
"www .msexchange .org /tutorials/SSL_Enabling_OWA_2003.html" (Remove spaces)
The default installation of my server did not have the windows component certification services installed, however the sbs certification wizard worked ok for pc's, so I followed the instructions on the web page, (note warning about name changes) right to the end. I checked from an external pc that the certificate was working.

Then using my home pc I browsed to "mail .mydomain .com/certsrv" (Remove spaces)
and logged in as administrator.
Select request a certificate
Select user certificate
Then select submit (With xp pro and explorer7 it says no futher details required at this stage, you may get different options.)
Click ok to warning about scripting
Screen then comes back saying certificate was issued and a link to install the certificate and click yes to the prompts.
This then installed two certificates to my pc.
Tools>Internet options>Content>Certificates
There were two certificates installed a personal certificate and a root trusted certificate, I browsed to the root trusted certificate and exported in der format, converted .cer file to .der file using openssl as per web instructions, copied resultant file to root of server, modified mime types for .der files on server as per wen instructions, browsed to the file using native explorer in E61 which then gave me option to install which I did and voila it worked, only took me 3 days!
Note the previous certificates I managed to install always had the local host name as the properties, whereas the final one use the correct fqdn used for webmail.
From what this exercise has taught me there are 3 bits to certification, Authority, server and client. The client gets the client cert form the server and then warns if it cannot get to verify against certifying authority. The bit we need to install is the certifying authority to get rid of the prompt. Without the full cert services in the sbs there is some limitation which prevents us getting a correctly formatted certify authority, thankyou microsoft!
Thanks to all the other posters, and good luck to anyone attempting their own configuration.
Regards
Chapelhill

Here's my certificate (in owa.zip) at DER format as described in this forum.
Unfortunatly, none of the solutions worked in my case.
Can someone help with this ?
Thanks

Hi Guys

Read this piece especially the second part dealing with cert imports

nostrasystems.ie/smartphone.php

Regards
Senan

well, not quite that bad but I am losiing the will to live. I am attempting to synchronise my E61 with a Exchange 2003 SP2 server using Roadsync. I have managed to import all the required certificates (bought one from Go Daddy) onto the device, the settings are correct, I have setup RPC over HTTPS on the server and that works. But still the bloody thing won't synchronise.

The Roadsync error I get suggests that my account has expired (no), my username is greater then 20 characters (no) or my password or username is wrong (no again - have tested with other users, etc). I am completely flummoxed. If anyone has any ideas please let me know. Many thanks to sunlie and Senan by the way, their posts on here helped me with the certificate issues in a big way. Great forum (shame about the E61).

Paul

Hi

Is this thread still open, i need help on this issue with openssl.

How do you use it with the command line, i have downloaded "openssl-0.9.8k.tar.tar" and extracted it to a folder put the cer file in there but get "not reconised as an internal or external command"

Do i have to install it somehow first?

Hope someone is still reading this and can help.

Thanks...

Hi Guys I am Thomas.
I also have the same problem. Make sure the certificate is in the DER format, not base64. The Exchange server can export the format for you by going to http://exchangeserveraddress/certsrv/. Copy the cert to your phone with bluetooth or whatever and then open it. It will ask you if you want to install it. After, you won't be prompted.