How can I prevent signed binaries previously run on device to no longer be considered as trusted I've removed the certificate they are chained to ? :evil:
See the LoaderRevocation Configuration Service Provider
http://msdn.microsoft.com/library/d...addingtworevocationhashestorevocationlist.asp
or read about Revocation here:
http://msdn.microsoft.com/library/d.../wce51conwindowsmobiledevicesecuritymodel.asp
Related
Hello Everyone
I have configured my server & device (SPV M3100 WM2005) to allow direct push but when I sync I get a error which states my security certificate is invalid?
I created the certificate via StartCom Free SSL CA which have sucessfully installed on my server. (OWA & OMA all working correcly using SSL)
However when I try direct push I am unable to sync receiving the above security error.
I have tried exporting the cert to my device..no luck
I have tried using the smartphoneaddcert..no luck
Is this a problem with my orange operator not allowing SSL cert to be installed?? Is there away around this? Eg registry hack etc? If yes, how?
thanks in advance
Jonathan
Check the date and time on your device... it must be correct for the cert to be valid...
Also search for adding root cert via xml in google.
You could just disable security entirely...
You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert being able to download. However, if it's internal CA via Windows, that pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.
And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered propperly. After that, it should defenitly work.
i too use StartCom Free SSL. works great!
TseLawrence said:
You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert being able to download. However, if it's internal CA via Windows, that pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.
Click to expand...
Click to collapse
I downloaded the cert from the CA page however my device does not recognise the file. It saves as aphp file?
Heimiko said:
And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered propperly. After that, it should defenitly work.
i too use StartCom Free SSL. works great!
Click to expand...
Click to collapse
I emailed the cert which was installed on my server, then sync'd it to my device without luck? Do i need to sync while actually attached to my server. I am currently doing all this remotely as I do not have physical access to the server as of yet?
JOY JOY Worked it out!!
I exported my Cert as a "PKCS #7 Certificate"
When I opened the cert I had all three certs in the chain.
I then sync'd all three cert onto my device and installed in order.
My device is now syn'cd via direct push!
Yippeeee
Hi all i did post this in the generic upgrading but as it's an issue with the M3100 i though i would try here.
Anyhow i have been trying to get a safemode app to run on a couple of Orange phones (M3100 & M600) and this was the reply i had from one of the developers
"An app properly signed with a M2M certificate will run on every Windows Mobile 5.0 device EXCEPT:
Devices shipped by Orange do not include the Mobile2Market Privileged certificate, but do include the Normal M2M certificate"
(http://msdn.microsoft.com/windowsmob...s/default.aspx)
So my question , Is it possible to extract the cert from another phone and Add them to my phone ?
and if so which ones do i look for and how would i do it ?
Thanks
dean
AFAIK, the only time the privileged cert is required is during device customization (extrom load). Is this something you need to do? The standard M2M cert allows you to set up services that auto-load etc...
Thanks for the reply
I had previously tried Ilauncher & SPB Safemode apps and could not get either to work on my M600 until i upgraded the rom to a generic one.
Now i have the same issue with the M3100
So now i have tried the safemode app from www.monocube.com
and that has the same problems.
The developer in the forums wrote
"The only thing I can think of is that Orange ROMs do not have the Microsoft M2M privileged certificates installed. SafeMode (and other safe mode apps) uses this certificate, because it calls privileged system functions.
I know Orange has a special developer program, in order to get an application signed for their models, however I didn't look into it so much. The only suggestion I have at the moment is to change the rom - but I will look into their developer program. "
Then confirmed it with
"It seems I was right:
"An app properly signed with a M2M certificate will run on every Windows Mobile 5.0 device EXCEPT:
Devices shipped by Orange do not include the Mobile2Market Privileged certificate, but do include the Normal M2M certificate"
(http://msdn.microsoft.com/windowsmobile/partners/mobile2market/smartphoneapps/default.aspx)
Unfortunately, it's a bit too expensive to get an application signed for Orange devices, because it also needs to be certifed for Windows Mobile ($600), and then pass their own tests."
This would add up to be correct as the M600 only worked when a generic rom was installed which obviously had the correct M2M cert included
I have downloaded different hermes roms and looked at the Cert cab files in the EXT roms but they made no difference after installing them into the orange rom.
The problem is i don't know if they need to be enabled in the rom or if they are just certs that can be ripped from another phone.
Any more info is apreciated
Dean
Just a bit more info i found other Certs from a couple of roms and again no joy
Just to tie this down to the orange certificate issue can anyone with a Hermes other than a M3100 (or a M3100 with another Rom) please confirm that a safemode app works.
Thanks
Yep, Safemode is one reason... Only priviledged apps can run then.
Orange must only supply their operator cert for priviledged mode execution.... I don't think installing an operator root can fix you. Only apps signed with that operator's certs will run when that is the case.
Your fix should be to install a M2M priviledged mode root cert. Not sure what you need to do that though.
I can confirm that SPB safe mode works on my TyTN.
I was trying to upgrade my MIDLET Manager to 11.1.7.1023 using Risidoro_Intent_MIDlet_Manager_v11.zip and following instructions given in
http://forum.xda-developers.com/showthread.php?t=286604&page=3
Risidoro says:
-> download MS Certificate Powertoy from HERE.
-> install it in your PC, connect the phone to usb and run the program
-> Choose the 'No security' (i don't remember the exact name) configuration and apply
-> reinstall the Midlet manager
Performed all the above steps but the midlet manager still gave the security issue. Anyways that wasnt much of a concern but the following are now definitely a concern:
a) I cant connect to MS Communicator :
Error: The file 'Communicator' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
b) I cant connect to PIM Backup :
Error: Same as above
c) The Security Configuration Manager installed on the PC can no longer provision security back from "No Security". It cannot retrieve the mobile configuration which it was able to before i had provisioned it to "No Security" following the above steps by Risidoro.
Please advise ?
I need to install a certificate for wifi on my university. As you all know PEAP needs a personal certificate. But when i install the certificate it's placed in the base folder and not in the personal folder.
Yes i added the ValidateServerCert to the registery.
Anyone can help?
If I am not mistaken it should be in the base
or it may depend on the certificate
In my case I also need a cer to use my Uni's WiFi and when I install it I find it in the base list
my problem is the certificate seems to be outdated otherwise according to the instruction I had the certificate should be in the base list.
Not sure if this helps, I have a digital certificate which allows me to get onto my work email from home.
I just copied the certificate to my memory card and then opened it through the phones file explorer.
It installed the certificate for me.
I installed the certificate the same way as you. But when i try to connect the router, it says: "you need a personal certificate" and personal certificates are used to identify yourself and base certifactes are not. So i think i need to get that certifacte to te personal folder.
Have you tried via ActiveSync? Saw an option last night, although have no experiences with certs.
Try secureW2 plug-in. (use google to find it)
A common problem is that you need certain root certificates as well- and WM doesn't download/ install them.
There are even networks that you won't be able to connect to using PEAP- like the one my uni uses. Don't ask me for detailed reasons... It's some kind of yet unsolved WM-WiFi-certificate-issue.
i use secureW2 as well at my university... works great
Guys, how to remove the expired root certificate (Secure Server Certification Authority of Verisign) from the store? I cannot connect to my mail server because the ActiveSync says: "The security certificate on the server is not valid. Contact your Exchange Server administrator...blablabla". The cert on the Exchange is valid (doublechecked), but the device's root cert expired in January this year. I installed the newest Verisign certs but the old root cert is still there.
If I right click on the cert (Settings\System\Certificates\Root), the DELETE option is grayed out. I have read somewhere that MANAGER role would be needed for this. My phone is no longer enrolled in any domain however the certs were installed earlier when the device was member of the domain of the company I used to work.
What to do now?