SSL Cert Problem with direct push - 8525, TyTN, MDA Vario II, JasJam General

Hello Everyone
I have configured my server & device (SPV M3100 WM2005) to allow direct push but when I sync I get a error which states my security certificate is invalid?
I created the certificate via StartCom Free SSL CA which have sucessfully installed on my server. (OWA & OMA all working correcly using SSL)
However when I try direct push I am unable to sync receiving the above security error.
I have tried exporting the cert to my device..no luck
I have tried using the smartphoneaddcert..no luck
Is this a problem with my orange operator not allowing SSL cert to be installed?? Is there away around this? Eg registry hack etc? If yes, how?
thanks in advance
Jonathan

Check the date and time on your device... it must be correct for the cert to be valid...
Also search for adding root cert via xml in google.

You could just disable security entirely...

You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert being able to download. However, if it's internal CA via Windows, that pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.

And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered propperly. After that, it should defenitly work.
i too use StartCom Free SSL. works great!

TseLawrence said:
You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert being able to download. However, if it's internal CA via Windows, that pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.
Click to expand...
Click to collapse
I downloaded the cert from the CA page however my device does not recognise the file. It saves as aphp file?
Heimiko said:
And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered propperly. After that, it should defenitly work.
i too use StartCom Free SSL. works great!
Click to expand...
Click to collapse
I emailed the cert which was installed on my server, then sync'd it to my device without luck? Do i need to sync while actually attached to my server. I am currently doing all this remotely as I do not have physical access to the server as of yet?

JOY JOY Worked it out!!
I exported my Cert as a "PKCS #7 Certificate"
When I opened the cert I had all three certs in the chain.
I then sync'd all three cert onto my device and installed in order.
My device is now syn'cd via direct push!
Yippeeee

Related

certificate installation

Hi all,
I have just upgraded to ROM 2.17.7.6 FRF on my Qteck 9100, service provider SFR (France).
Big problem : I cannot sync anymore with my Exchange Server. I understood the source of the problem: the Exchange self signed certificate is missing on the device after the Rom update. I tried to install it manually (by copying the .cer file via AS onto the device) but when I double click on the .cer file in the device, I get the message "Access to the certificate is impossible" (translated from French). There seems to be some kind of protection againts installing root certificates.
Any idea to get around this ?
Thanks -- any help really really appreciated. I am quite desperate at this stage...
Did you make sure to export the root certifcate in binary not MIME encoded format?
For me it worked to import a binary root certificate.
Thanks TcT.
Well I am not sure of the content of the .cer file.
What I did was simply copy the original .cer from the Microsoft Server to my client PC and then via Active Sync to the device and then double click on it. Nothing else.
What did you do?
There are several ways to export that Cert so that you can copy it though. DER encoded binary is what you need to use. In my case, I used a copy of my server's root cert on IE on my desktop. I exported it in DER format then copied it onto my 8125. I then tapped it and chose "install certificate".
In fact, I just tested this again on my Qtek 2.17 equipped 8125 and it worked perfectly.
Thank you Sleuth,
sorry to ask dumb questions but how do you use IE to import the cert in the requested format? What I did is I went to the \clientapps directory of the server and simply copied the .cer file. I suppose this is wrong.
You can double click on the .cer file on your PC there should be an "export" or "copy" button somewhere in that dialog there you can export the .cer file in different formats/encodings.
TcT great it worked
10 000 thanks. That was the trick
Exchange Activesync with Certs enabled
Hi,
I also have a Qtec 9100 an am unable to sync with Exchange using Certificates
I can sync if i turn OFF SSL on the server, i can also sync if i add the appropriate reg key into the device to disable Cert checking however i am curious to know if others have been able to sync using a manually created Cert .
i have tried exporting the cert from the server and the Desktop PC in all available formats and i am able to import this into the Trusted Root folder on the Qtec however each time i try to sync i get the error :
0x80072F01
Synchronization failed. The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again.
any assistance is greatly recieved
Jedismurf
Certificate Uility
There is a great certificate import utility available...
http://www.jacco2.dds.nl/networking/crtimprt.html
I have used the PFXimprt but the newer one - P12imprt does WM5 and WM 2003.

Personal certificate

I need to install a certificate for wifi on my university. As you all know PEAP needs a personal certificate. But when i install the certificate it's placed in the base folder and not in the personal folder.
Yes i added the ValidateServerCert to the registery.
Anyone can help?
If I am not mistaken it should be in the base
or it may depend on the certificate
In my case I also need a cer to use my Uni's WiFi and when I install it I find it in the base list
my problem is the certificate seems to be outdated otherwise according to the instruction I had the certificate should be in the base list.
Not sure if this helps, I have a digital certificate which allows me to get onto my work email from home.
I just copied the certificate to my memory card and then opened it through the phones file explorer.
It installed the certificate for me.
I installed the certificate the same way as you. But when i try to connect the router, it says: "you need a personal certificate" and personal certificates are used to identify yourself and base certifactes are not. So i think i need to get that certifacte to te personal folder.
Have you tried via ActiveSync? Saw an option last night, although have no experiences with certs.
Try secureW2 plug-in. (use google to find it)
A common problem is that you need certain root certificates as well- and WM doesn't download/ install them.
There are even networks that you won't be able to connect to using PEAP- like the one my uni uses. Don't ask me for detailed reasons... It's some kind of yet unsolved WM-WiFi-certificate-issue.
i use secureW2 as well at my university... works great

Email Encryption Certificate

Has anyone managed to install a certificate to encrypt email?
I need to use secure email for work, came from WM6.5 where I was able to install a Comodo email certificate
TIA
Docsboard said:
Has anyone managed to install a certificate to encrypt email?
I need to use secure email for work, came from WM6.5 where I was able to install a Comodo email certificate
TIA
Click to expand...
Click to collapse
no takers?
Hi,
I've managed to obtain a Comodo certificate and install it on my Desire.
I tried requeting the certificate on the Desire but it failed to install no matter what I did. So I requested it on my laptop instead, installed it to my laptop then exported it in PKF format. Copied the PKF file to my Desire and then renamed it to have the extension of PK9.
Put the PK9 file in the root of the SD card and ran the import certificate option from the security menu in the phone. This worked, the certificate was installed on my phone and I can see it.
Now here's the problem - Despite the certificate being installed I cannot find any way to use it to sign or encrypt emails on the email client on the Desire.
I guess I'm in the same boat as you
I am still trying to figure this out as well. We use IPSec based VPN to connect to the company network. Once authenticated at the firewall, we use our domain account credentials to authenticate to the microsoft exchange server.
Are you guys able to access internal websites that require certificates?
I am logged into my company wireless router and I am able to connect to non access controlled internal websites (i.e. http://). However, I am have been unable to connect to access controlled internal websites (i.e. https://).

Advice connecting to wpa2-enterprise

I attend Virginia tech and their wireless is secured with a certificate system.
On my computer I have it setup as wpa2-Enterprise AES with the authentication method as Microsoft: Smart card or other certificate. I had to install the cert. and select the CA cert.
How can I set this up on my phone? I have loaded the user cert and the CA cert (from windows) and tested the settings out but I am still unable to get it to work.
Any help would be appreciated.
TIA
brianmay27 said:
I attend Virginia tech and their wireless is secured with a certificate system.
On my computer I have it setup as wpa2-Enterprise AES with the authentication method as Microsoft: Smart card or other certificate. I had to install the cert. and select the CA cert.
How can I set this up on my phone? I have loaded the user cert and the CA cert (from windows) and tested the settings out but I am still unable to get it to work.
Any help would be appreciated.
TIA
Click to expand...
Click to collapse
Put the cert on the phone's internal sdcard & go to Settings > Location & Security & Install from USB Storage (internal sdcard). Then connect to the wifi & options will come up. Configure with your schools settings.
I have the certs installed as mentioned in the OP. I just don't know what settings to use. PEAP, TLS, which phase 2 to use etc..
brianmay27 said:
I have the certs installed as mentioned in the OP. I just don't know what settings to use. PEAP, TLS, which phase 2 to use etc..
Click to expand...
Click to collapse
Shouldn't your school provide you with that info? Try TLS, that's what my company uses. If that doesn't work then try another.
Woops, They totally do. Can't believe I could not find that before..
Thanks

[Q] Delete root cert on WM6.1

Guys, how to remove the expired root certificate (Secure Server Certification Authority of Verisign) from the store? I cannot connect to my mail server because the ActiveSync says: "The security certificate on the server is not valid. Contact your Exchange Server administrator...blablabla". The cert on the Exchange is valid (doublechecked), but the device's root cert expired in January this year. I installed the newest Verisign certs but the old root cert is still there.
If I right click on the cert (Settings\System\Certificates\Root), the DELETE option is grayed out. I have read somewhere that MANAGER role would be needed for this. My phone is no longer enrolled in any domain however the certs were installed earlier when the device was member of the domain of the company I used to work.
What to do now?

Categories

Resources