I have a specific problem that regards the MailforExchange-client for the new E-series and security certificates are not pre-installed in the certificate manager in any of the E-phones.
The problem is that when I try to use the MailforExchange-client on a secure server, the client prompts me that the server has sent an unidentified certificate. I can simply ignore this and choose to continue. However, every time the mail server sends a mail or contact information, the client prompts me that the server has sent an unidentified certificate. If the client is idle for too long, it freezes and becomes unusable. The only way to fix this is to completely reset the phone *#7370# and start from scratch.
This problem could be solved if I would be able to install the certificate that the server has installed onto the phone.
Does anyone know of a way to install certificates OTA or locally through a computer?
I would greatly appreciate if anyone could help me with this problem or if you need a clarification on the problem then let me know. Thanks in advance!
Re: MailforExchange and certificates
Click onto the lock symbol on the bottom bar, go to the details tab and choose "copy to file". Choose "DER encoded binary". (This is with IE, similar with Firefox.)
Bluetooth or email this file to your phone. Then go to the messaging app and open it up and it will be added to your device. If all is well, the certificate is now added to your phone (some certificates are not understood by the phone, then you will get an error when opening it up).
Re: MailforExchange and certificates
- export the .cer certificate
- use OpenSSL to convert the certificate to .pem, using the command (in dos): openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
- convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
- copy the .der certificate to the website root directory (recommended) or copy it to a newly created directory - or if you have some web page ...
- set the directory MIME types to application/x-x509-ca-cert for .der extension - on your server !!! very important
- browse the file using the E61 built in web browser, the certificate will install automatically
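The conversion and MIME-type steps listed above, as an added example that is not part of the original posts. It assumes Python's built-in web server stands in for the server in the thread; `to_der`, `content_type_for`, `publish` and `CertHandler` are names made up for this sketch.

```python
import ssl
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler
from pathlib import Path

CA_CERT_MIME = "application/x-x509-ca-cert"  # MIME type given in the thread
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the export was Base64 (PEM) or binary DER."""
    if data.lstrip().startswith(PEM_HEADER):
        # PEM is the DER bytes Base64-encoded between header and footer lines.
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if data[:1] != b"\x30":
        raise ValueError("neither a PEM nor a DER certificate")
    return data


class CertHandler(SimpleHTTPRequestHandler):
    # Serve certificate files with the CA-certificate type so the phone's
    # browser offers to install them instead of showing raw bytes.
    extensions_map = {**SimpleHTTPRequestHandler.extensions_map,
                      ".der": CA_CERT_MIME, ".cer": CA_CERT_MIME}


def content_type_for(filename: str) -> str:
    """Content-Type that CertHandler sends for the given file name."""
    return CertHandler.guess_type(CertHandler.__new__(CertHandler), filename)


def publish(src: Path, webroot: Path, port: int = 8000) -> None:
    """Write src as <name>.der into webroot and serve that directory."""
    out = webroot / (src.stem + ".der")
    out.write_bytes(to_der(src.read_bytes()))
    print(f"serving {out.name} as {content_type_for(out.name)} on port {port}")
    handler = partial(CertHandler, directory=str(webroot))
    HTTPServer(("", port), handler).serve_forever()


if __name__ == "__main__":
    import sys
    # Usage (paths are placeholders): python serve_cert.py MYCERT.cer ./webroot
    publish(Path(sys.argv[1]), Path(sys.argv[2]))
```

Point `webroot` at a directory that holds nothing but the certificate, and stop the server once the phone has installed it.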
I have been having problems with this too and have managed at last to get it working with an SBS server. Here follows what I hope is the sequence that I used, but be aware that you try so many adjustments, there may be extra or fewer steps involved.
I followed all the instructions on the net and was successful in installing the cert, but the prompt messages kept appearing.
We are using SBS server premium.
I saw this web page which referred to certsrv directory which did not exist on my server. http://www.msexchange.org/tutorials/..._OWA_2003.html
The default installation of my server did not have the windows component certification services installed, however the sbs certification wizard worked ok for pc's, so I followed the instructions on the web page, (note warning about name changes) right to the end. I checked from an external pc that the certificate was working.
Then I browsed to https://mail.mydomain.com/certsrv/ and logged in as administrator.
Select request a certificate
Select user certificate
Then select submit (With xp pro and explorer7 it says no further details required at this stage, you may get different options.)
Click ok to warning about scripting
Screen then comes back saying certificate was issued and a link to install the certificate and click yes to the prompts.
This then installed two certificates to my pc.
There were two certificates installed: a personal certificate and a root trusted certificate. I browsed to the root trusted certificate and exported in der format, converted .cer file to .der file using openssl as per web instructions, copied resultant file to root of server, modified mime types for .der files on server as per web instructions, browsed to the file using native explorer in E61 which then gave me option to install which I did and voila it worked, only took me 3 days!
Note the previous certificates I managed to install always had the local host name as the properties, whereas the final one use the correct fqdn used for webmail.
From what this exercise has taught me there are 3 bits to certification: Authority, server and client. The client gets the client cert from the server and then warns if it cannot get to verify against certifying authority. The bit we need to install is the certifying authority to get rid of the prompt. Without the full cert services in the sbs there is some limitation which prevents us getting a correctly formatted certify authority, thank you Microsoft!
Thanks to all the other posters, and good luck to anyone attempting their own configuration.