[Q] Delete root cert on WM6.1 - Windows Mobile Development and Hacking General

Guys, how do I remove the expired root certificate (Secure Server Certification Authority of Verisign) from the store? I cannot connect to my mail server because the ActiveSync says: "The security certificate on the server is not valid. Contact your Exchange Server administrator...blablabla". The cert on the Exchange is valid (double-checked), but the device's root cert expired in January this year. I installed the newest Verisign certs but the old root cert is still there.
If I right click on the cert (Settings\System\Certificates\Root), the DELETE option is grayed out. I have read somewhere that the MANAGER role would be needed for this. My phone is no longer enrolled in any domain; however, the certs were installed earlier when the device was a member of the domain of the company I used to work for.
What to do now?

Related

certificate installation

Hi all,
I have just upgraded to ROM 2.17.7.6 FRF on my Qtek 9100, service provider SFR (France).
Big problem: I cannot sync anymore with my Exchange Server. I understood the source of the problem: the Exchange self-signed certificate is missing on the device after the ROM update. I tried to install it manually (by copying the .cer file via AS onto the device) but when I double click on the .cer file in the device, I get the message "Access to the certificate is impossible" (translated from French). There seems to be some kind of protection against installing root certificates.
Any idea how to get around this?
Thanks -- any help really really appreciated. I am quite desperate at this stage...
Did you make sure to export the root certificate in binary, not MIME encoded, format?
For me it worked to import a binary root certificate.
Thanks TcT.
Well I am not sure of the content of the .cer file.
What I did was simply copy the original .cer from the Microsoft Server to my client PC and then via Active Sync to the device and then double click on it. Nothing else.
What did you do?
There are several ways to export that Cert so that you can copy it though. DER encoded binary is what you need to use. In my case, I used a copy of my server's root cert on IE on my desktop. I exported it in DER format then copied it onto my 8125. I then tapped it and chose "install certificate".
In fact, I just tested this again on my Qtek 2.17 equipped 8125 and it worked perfectly.
Thank you Sleuth,
sorry to ask dumb questions but how do you use IE to import the cert in the requested format? What I did is I went to the \clientapps directory of the server and simply copied the .cer file. I suppose this is wrong.
You can double click on the .cer file on your PC; there should be an "export" or "copy" button somewhere in that dialog. There you can export the .cer file in different formats/encodings.
TcT great it worked
10 000 thanks. That was the trick
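The binary (DER) versus MIME/Base64 distinction from the replies above, as an added example that is not part of the original thread: a Python check that reports which encoding a .cer file uses and converts the Base64 form to DER. The function names and sample bytes are constructed for illustration; the sample is a stand-in DER structure, not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_sequence_ok(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length field matches.
    Structural check only; it does not validate the X.509 contents."""
    if len(data) < 2 or data[0] != 0x30:      # 0x30 = SEQUENCE tag
        return False
    first = data[1]
    if first < 0x80:                          # short form: one length byte
        header, length = 2, first
    else:                                     # long form: next n bytes are the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + length

def pem_body(data: bytes):
    """Decode the first Base64 (PEM) certificate block, or return None."""
    m = PEM_RE.search(data)
    if not m:
        return None
    try:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:                        # binascii.Error is a ValueError
        return None

def classify_cer(data: bytes) -> str:
    """Return 'der', 'pem' or 'unknown' for the contents of a .cer file."""
    if der_sequence_ok(data):
        return "der"
    body = pem_body(data)
    return "pem" if body and der_sequence_ok(body) else "unknown"

def to_der(data: bytes) -> bytes:
    """Return the DER bytes to copy to the device, whichever form was exported."""
    kind = classify_cer(data)
    if kind == "unknown":
        raise ValueError("not a DER or Base64 (PEM) certificate file")
    return data if kind == "der" else pem_body(data)

# Constructed sample input: a 256-byte SEQUENCE standing in for a certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A file that classifies as `unknown` (for example an HTML page saved with a certificate extension) is neither form and should be downloaded or exported again.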
Exchange Activesync with Certs enabled
Hi,
I also have a Qtek 9100 and am unable to sync with Exchange using certificates.
I can sync if I turn OFF SSL on the server. I can also sync if I add the appropriate reg key into the device to disable cert checking; however, I am curious to know if others have been able to sync using a manually created cert.
I have tried exporting the cert from the server and the desktop PC in all available formats and I am able to import this into the Trusted Root folder on the Qtek; however, each time I try to sync I get the error:
0x80072F01
Synchronization failed. The security certificate on the server is invalid. Contact your system administrator or ISP to install a valid certificate on the server and try again.
Any assistance is greatly received.
Jedismurf
Certificate Utility
There is a great certificate import utility available...
http://www.jacco2.dds.nl/networking/crtimprt.html
I have used the PFXimprt but the newer one - P12imprt does WM5 and WM 2003.

SSL Cert Problem with direct push

Hello Everyone
I have configured my server & device (SPV M3100 WM2005) to allow direct push, but when I sync I get an error which states my security certificate is invalid?
I created the certificate via StartCom Free SSL CA, which I have successfully installed on my server. (OWA & OMA all working correctly using SSL)
However when I try direct push I am unable to sync receiving the above security error.
I have tried exporting the cert to my device..no luck
I have tried using the smartphoneaddcert..no luck
Is this a problem with my Orange operator not allowing SSL certs to be installed?? Is there a way around this? E.g. registry hack etc.? If yes, how?
thanks in advance
Jonathan
Check the date and time on your device... it must be correct for the cert to be valid...
Also search for adding root cert via xml in google.
You could just disable security entirely...
You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert available to download. However, if it's an internal CA via Windows, that's pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.
And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered properly. After that, it should definitely work.
i too use StartCom Free SSL. works great!
TseLawrence said:
You have to make sure the CA issuing the SSL cert. to use is in the trusted root CA list. If that's unsure, you can add the root CA cert again. The free SSL cert company should have the cert available to download. However, if it's an internal CA via Windows, that's pretty easy: just use PIE to browse to the CA cert page and click "download root cert". Good luck man.
I downloaded the cert from the CA page; however, my device does not recognise the file. It saves as a php file?
Heimiko said:
And if you can't get the certificate to download, you can always put the root certificate on your PDA (by AS) and execute it, then it'll also be registered properly. After that, it should definitely work.
i too use StartCom Free SSL. works great!
I emailed the cert which was installed on my server, then sync'd it to my device without luck? Do I need to sync while actually attached to my server? I am currently doing all this remotely as I do not have physical access to the server as of yet.
JOY JOY Worked it out!!
I exported my Cert as a "PKCS #7 Certificate"
When I opened the cert I had all three certs in the chain.
I then sync'd all three certs onto my device and installed them in order.
My device is now sync'd via direct push!
Yippeeee

SSL Error 0x80072f0d

I installed our company root CA on my windows mobile device. It said it was installed successfully. I set the username and password and domain. I selected SSL encryption. Set the server to the required IP address. I tried to sync my email and I get the following error:
"Result:
The security certificate on the server is not valid. Contact you Exchange Server administrator or ISP to install a valid certificate on the server" This is also referred to as support code "0x80072F0D"
I looked at the installed cert on my device and have the following details:
CERTIFICATE DETAILS (ROOT)
Issued to: **SNIP** (THIS IS AN IP ADDRESS)
Issued by: ** SNIP **
Valid from: 5/26/06 to 5/25/08
Intended Purpose(s): Server Authentication
Do you know what I am doing wrong?
Thank you very much in advance.
Any help
This problem is killing me! Is it possible that Softbank is blocking port 443? I seem to have read that somewhere last year. I have had this phone for almost 7 months and I still haven't got it to do what I purchased it for. aaah the ranting.. that felt good

Email Encryption Certificate

Has anyone managed to install a certificate to encrypt email?
I need to use secure email for work, came from WM6.5 where I was able to install a Comodo email certificate
TIA
Docsboard said:
Has anyone managed to install a certificate to encrypt email?
I need to use secure email for work, came from WM6.5 where I was able to install a Comodo email certificate
TIA
no takers?
Hi,
I've managed to obtain a Comodo certificate and install it on my Desire.
I tried requesting the certificate on the Desire but it failed to install no matter what I did. So I requested it on my laptop instead, installed it to my laptop, then exported it in PKF format. Copied the PKF file to my Desire and then renamed it to have the extension of PK9.
Put the PK9 file in the root of the SD card and ran the import certificate option from the security menu in the phone. This worked, the certificate was installed on my phone and I can see it.
Now here's the problem - Despite the certificate being installed I cannot find any way to use it to sign or encrypt emails on the email client on the Desire.
I guess I'm in the same boat as you
I am still trying to figure this out as well. We use IPSec based VPN to connect to the company network. Once authenticated at the firewall, we use our domain account credentials to authenticate to the microsoft exchange server.
Are you guys able to access internal websites that require certificates?
I am logged into my company wireless router and I am able to connect to non access controlled internal websites (i.e. http://). However, I have been unable to connect to access controlled internal websites (i.e. https://).

[21 Feb 2011] [Q] Android Exchange Accnt Setup Error

I've read and searched and Googled but I can't find an answer
I recently flashed my first Android NAND ROM: "CMYLXGOroms.Stock.Desire.HD.v1.1.4.1n.NAND.RMNET.NO-SQUASH-RAFPIGNA.1.7OC_CWM.zip".
Everything went smoothly and it all looks good except I cannot complete the Exchange ActiveSync account.
DETAILS:
1. I'm hosting my own Exchange server -2003
2. My SSL cert is self-generated from my own MS Cert Authority
3. I can view my OWA account via the native web browser w/o issue
4. My settings "appear" to be fine as I can reach the very end of the setup wizard. (If I change any of the ActiveSync account settings to an invalid option - say add an extra character to the server address - I receive an error when I click on "Next")
ISSUE:
1. On the last step of the setup wizard, when I click on "Finish setup" I receive the error:
"Failed to created the account. Please try again later."
QUESTIONS/THOUGHTS:
1. How do you import an SSL cert in Android?
2. I've read about an "Accept All SSL Certificates" dialog box you can check, but I don't see one during the setup wizard - only the "This server requires an encrypted SSL connection". Is this a legacy setting or something that is hidden by HTC's SenseHD or? Is there any way to access this option?
3. I've tried both checking and un-checking the "This server requires an encrypted SSL connection" - both give me the same failed result.
OTHER TROUBLESHOOTING:
1. I know this works as I've been successfully using Activesync with WinMo 6.1 & 6.5 on my wife's TouchPro2 and this works fine w/ the stock WinMo 6.5. So it's not a bad config on the back-end.
2. I tried installing Touchdown to see if that would work and I cannot get that to work either.
I'm getting really frustrated - any help would be GREATLY appreciated!
thnx
UPDATE:
I spent all day:
1. Creating a new DNS A record to point directly to my OWA server
2. Upgrading my SSL cert to an official third-party cert from startssl.com (great service for free BTW)
3. Figuring out how to export/import/modify that cert to be installed on Android
I now have a nice DNS record that points to my OWA server (vs. the old DynDNS pointer) and I appreciate the SSL cert for free find, but I'm still ready to lose it over the lack of ActiveSync support.
Anybody have any idea if this is potentially a ROM issue and I should try another? Or is this a Froyo issue and I should try Gingerbread?
TIA
