24 Jul
Posted by Abdul Aziz as Nokia S60, Tutorials
The new Nokia E61 supports Exchange Activesync (Mail for Activesync) and syncs fine with SSL if you are using a certificate from a renowned Certificate Authority like Verisign(since these certificates are preinstalled on the phone). The problem arises when you need to install your own self signed certificate from a Windows Server Certificate Authority onto your phone to sync with SSL to your Exchange Server 2003. You need to install the certificate on your device in order for it to trust the site you are connecting to [this behavior is by design of the Exchange Activesync-AirSync protocol, even with Windows Mobile devices]. So in order to export and install an SSL certificate from your OWA website to your Nokia smartphone, you need to do the following:
1) Go to your OWA url (eg. https://mail.mydomain.com)
2) You should see the SSL lock icon down at the botton
3) Double click on it, go to the Details tab and click on “Copy to File”
4) On the Certificate Export Wizard, go to Next.
5) Select the first option “DER encoded binary X.509(.CER)”, click Next
6) Give the File a name and save it to your desktop and click Finish
Now transfer the .CER extension file to your phone’s memory. Install it by clicking on the .CER file from a File Manager. It will ask about Importing the certificate. Choose yes. That’s it. Now your self signed SSL certificate is trusted on the device and should no longer have problems synching wirelessly with the Exchange Server.
Important: If you have a chain of certificates in your certificate’s Certification Path (check https://mail.google.com for example), you need to export and install all the certificates in the chain if they are not from a renowned CA or preinstalled on the device.
Alternate method:
Go to http://certificateservername/certsrv from your Nokia web browser and download the certificate in a DER format.
31 Responses
Rahul Sood
August 9th, 2006 at 10:43 pm
1This did not work. First this Nokia phone is a POS so you can’t browse the file using the file manager because it’s an unsupported file type. Next, I throw the file up on a web page and instead of giving me the option to install the cert it opens the file into a text file with a bunch of garbage.
This OS is a nightmare.
Gyorgy Kis
October 19th, 2006 at 3:12 pm
2The action is same that Rahul has already writen but I can’t solve the problem. I can send the file to my Nokia E70 phone but when I try to open i can’t because unsupported file type.
What can I do import my .cert file (step by step)?
Thank you in advance!
Gus Dalling
November 1st, 2006 at 3:44 am
3I cannot get my e70 to recognise the .cer files either. there must be a way of importing these certificates, it seems pointless bieng able to configure mail for exchange to get your email every 15 minutes in the background. when it doesnt as it propts for you to accept the certificate whenever it connects!
Abdul Aziz
November 1st, 2006 at 8:47 am
4A lot of people have written to me about this issue. Could you try exporting the certificate from the server itself. Go to http://servername/certsrv from your Nokia web browser and download the certificate in a DER format.
Lewis
November 8th, 2006 at 5:00 am
5I have the Nokia E61 and the instructions above worked perfectly :-). I exported the SSL certificates on my main PC, transferred them to the E61, which then happily opened the files (through file manager), and installed the two certificates into my Certificate Manager.
Thanks Abdul!
Neil
December 19th, 2006 at 10:28 pm
6Following the instructions I get the error “Unknown file format” too when selecting the file..
What am I missing?
Lewis
December 20th, 2006 at 1:47 am
7Hi Neil,
Are you trying to install the certificate on the phone directly after downloading it on the phone? as that won’t work.
You need to download the certificate on your PC and then transfer it across to the phone using the data suite.
Lewis (from post two above)
Neil
December 20th, 2006 at 2:21 pm
8Lewis,
Ok - I now have the certificate installed. I managed to put it on a website as a .der format file (after converting it from .cer with OpenSSL) and the E61 has installed it so that it is viewable in the Certificate Manager. However, when I go to check my mail, I still get prompted about an Untrusted Certificate. The fingerprint info for the certificate presented is the same for the certificate installed on the E61. Any ideas?
Neil
Lewis
December 21st, 2006 at 5:42 pm
9Hi Neil,
I’m not really sure what to suggest :-(
I can only GUESS its because your certificate is installed as a .der rather than a .cer. Have you tried transferring and installing it on the phone as a .cer?
Let me know how it goes..
Lewis
Neil
December 21st, 2006 at 7:32 pm
10The e61 won’t let me install the CER file directly claiming Unknown file format..
Lewis
December 22nd, 2006 at 12:16 am
11Sorry, Neil. Not sure what to suggest! My E61 accepted .cer files after I transferred them form the PC.
:-s
Ayaz
April 3rd, 2007 at 12:48 pm
12for don;t want to see certificate error you have to disable secure connection in mail for exchange profile and it ill work ….
Shamai
May 17th, 2007 at 12:41 pm
13For all who got to this page like me, and were looking for a solution to this problem - here is what worked for me (quoting someone else):
I found that the only certificate I could install on the E61, by copying the .cer file across with no conversion necessary, was the root certificate. All others were rejected. Installing this made no difference to the acceptance request when syncing. The syncing, or web-browsing process, calls the client certificate and it not seen as trusted, hence the prompt.
The fix I found was to tell the E61 to trust my root certificate. Here’s how:
Menu - Settings - Security - Certif. management
Find your root certificate (xyzCA in my case) in the list. Options - Trust settings. Set “Internet” and “Online certif. check” to Yes.
If you wonder what the “root certificate” is - when you open your certificate - go to the “Certification Path” tab, click the first (root) certifictae, and then click “View Certificate”. Go to Details tab -> Copy File, etc.
Zilvinas
May 20th, 2007 at 6:27 pm
14For those of you who can’t download (get the text) a .cer certificate from a webserver I suggest simply changing the extension of the file from .cer to something like .exe and downloading.
You can change the extension later on with the File Manager.
Willem
June 5th, 2007 at 3:28 am
15I made a webpage (http://www.redelijkheid.com/symcaimport) where you can upload the der certificate and use your phone browser to download the certificate. This saves you from modifying your own webserver to get the certificate (which is also recommended by Nokia). Handy if you tend to use lot’s of selfsigned certificates in combination with your symbian based phone…..
Steve
June 8th, 2007 at 12:55 am
16Thanks Willem, your weblink clinched it. From my PC, I used the original instructions, doing the export wizard to download the certificate in DER format. It exported with file ext .cer. Then I uploaded to Willems’s webpage, which then emailed me a link. Then I switched to my E62 email and clicked the link. THEN it prompted to import the cert. I checked both boxes and then like magic, no more untrusted certificate prompt.
For the person who said to uncheck security, well that is the point. We don’t want to be sending date in clear text. In my case, I am using my own mail server and connecting to it using Secure IMAP.
Now my phone is perfect… until next week when I can’t do something else ;-)
Willem
June 8th, 2007 at 4:29 am
17Hi Steve,
glad to be of help to the fellow symbian phone user
If we have to wait for nokia/symbian to fix this, it might take forever :-)
Anand
June 27th, 2007 at 9:48 am
18Hi Willem,
Thanks very much. Your method worked for me too. Thanks for creating the great website too. I’ve unsuccessfully dealing with Nokia customer support for a month
Thanks,
Anand
Przemek
July 18th, 2007 at 6:35 pm
19It really works!!! Great job!
Thanks
Przemek (E61)
brendan
August 19th, 2007 at 4:11 pm
20Willem,
thanks very much. Your website helped me alot. I have been struggling with this for over a year! For a year I paid alot for a Thawte certificate and when it ran out I searched around to get our own certificate to work and thanks to your website it does.
Why do nokia make is SOO freaking hard to get the certificate on the phone? It is more of a pain that using a ‘floppy disk’.
Kered
August 29th, 2007 at 3:03 pm
21willem,
thanx 4 da help. good link site too.
Had to edit certificate on the device to ensure that prompt for network = no.
Does anyone know why it’s so hard with a nokia phone??!!
Chris
September 4th, 2007 at 11:16 pm
22Hi,
Thanks for the help so far on this. I have now got the cer installed on my phone thanks to the help of Willem’s posts.
Now when I try and sync with Nokia Mail for Exchange it starts to connect and I get “Connection error, try again later” no idea what that is about.
Any ideas?
Thanks guys
noknoki
September 9th, 2007 at 7:32 am
23thanks a lot,the links method works fine!!!!!!!!!
Mikey boy
October 27th, 2007 at 6:44 pm
24i use the N95, my network is cingular(at&t). When i goto the nokia business solutions web site to download the new 2.0 EFM software, i noticed the N95 disapperas when i choose AT&T ans my provider. I have to choose “other” as my provider in order to view the N95 phone 2.0 software download. I have downloaded the software. It appears that this phone will only work with your exchange after you have:
1. loaded a trusted cert on to your email server(one listed on your phone)
2. transfered a cert from your email server to your phoe in the correct format and verify that the cert now appears in your phones cert list.
Dimon
November 12th, 2007 at 3:06 am
25Great read lots of help! Can anyone suggest a fix for “untrusted certificate received from server” error on E61?
Thanks
D
Mark P
January 31st, 2008 at 3:36 am
26Hi
Your site seemed to work to allow download and import-Great. However, no matter what settings I try it still either pompts for Cert, or if on Always on (desired) E61 sits there constantly showing “connecting” ?
Is there any other settings require? Or minimum/latest S/W or even M4E version? I am usinh early 1.3 as its the onlyone that works withour Certs. I too have been fault finding this for a year…
Appreciate any input/direction.
Rgds
Alexander
February 1st, 2008 at 3:58 pm
27How do i make this work on my Nokia E90. I keep getting “unrusted certificate received from server - Please contact your Administrator. How do i go about getting my Mail for Exchange to work?
Dmitry
February 5th, 2008 at 1:32 am
28Willem,
Thanks a lot, it did work!
Roben
March 7th, 2008 at 4:11 pm
29Thanks a mil , it works.
Ciske
April 9th, 2008 at 6:46 pm
30Thanks a zillion man works great for me !
Except that I had to export is via IE7, internet options - security - certificates - “save as”
ergin
August 19th, 2008 at 6:54 pm
31hi,
i upload the certificate and connect the link with my e90. and save the der file. But when i try to open it it gives me “file corrupt “error. I did several time but no way. Any idea?
RSS feed for comments on this post · TrackBack URI
Leave a reply
Subscribe [PC]
Subscribe [Mobile]
Categories
Links
Archives
Tech[dot]Blog