Friday, 27 July 2007

Installing Exchange Certificates on S60 - Update to my N95 Review

I just got a Nokia E90 for testing, and decided to get certificates to work with Roadsync, so push-mail with Microsoft Exchange works without constant confirmation. Nokia wants signed certificates or downloaded x.509 certificates it seems. So not as simple as on Windows Mobile where you just “click” on the file to install it.

The problem is only present when you have a certificate for Microsoft Exchange you have generated yourself – which our exchange server have. So Nokia has among its many documents hidden instructions on how to generate the certificate. But in the document there is a small shortcut and I’ll publish it here :-)

Basically the easy way is to add a mime type to your web server, rename the generated certificate file from .cer to .der – place it on the web server – and then download it via the phone browser.

I did that – and in less than 5 minutes my certificate was installed – and now Roadsync works like a charm with no bugging messages about server security all the time. Perfect. Roadsync should put this on its FAQ list for sure.

If anyone of you need it – and trust me – you can send me a certificate and then I'll put it on the webserver for you to download via your phone – if you do not have access to a web server yourself.

Instructions from Nokia:

Installing a self-signed certificate to an S60 device

This chapter describes how to install a non-CA self-signed certificate to an S60 device. This is an alternative solution to the one described in Chapter 2, “Steps.”

To install a self-signed certificate, you can do the following:

1. Export the certificate in DER format (without private key).

2. If the certificate file extension is .cer, change it to .der.

3. Copy the certificate file to your Web server.

4. Set the MIME type for the directory where the certificate is to application/x-x509-ca-cert.

* In some servers, this can be done from properties of the Web directory -> HTTP Headers -> MIME Types… and adding the mentioned MIME type for the .der file.

* When using Apache server, edit the mime.types file.

5. Use the Web browser in the S60 device to browse for the certificate.

6. Save the certificate (as described in Section 2.7, “Install the CA certificate to an S60 device,” from step 3 onwards).

Thanks Nokia for the information :-)

14 comments:

Anonymous said...

Hi !

I know I am a damn idiot, but I could not do this bloody certificate install on my new E90, however, I had folloed all instructions.

1. Export DER certificate.
2. Rename .CER to .DER
3. Uploaded to my website into a subdirectory directory.
4. Browsed the .DER file with my E90 at the website.

I can save it, but I can not install it. If I try to open it after I saved it it says unkonwn format.

Could you help ?

Many many thanks,

moore

Kaz said...

did you remember to set the Mime Type on your webserver? (It has to be THAT specific directory at least!)

Anonymous said...

Unfortunatelly, i di not know how to do it. I thought it could be ok, already if the device can see it and load it. Would it be big trouble for you to upload it properly to your site as you offered at once earleir at Symbian forum ? Could you help me on that ?

Anonymous said...

Solved ! I had found out this Mime thing, THANK YOU !

Anonymous said...

Hello! Thanks for the guide, however I am having a little difficulty. I have the certificate in the right format on my server but when I try to download it i get a "no secure connection" error. The server connects using SSL but e90 gets warned it's untrusted (I presume as it is also self signed). Can you help?

Anonymous said...

What program/tool is needed to create the certificate?

Anonymous said...

Hi,
Thanks very much for your advice
I am also having the same problem of installing a certificate in my nokia 9300i phone. Can I send you the certificate (.der) then you upload in your site then you give me the site address for me to download into my phone.

Thanks in advance

Anonymous said...

Hi,

Can someone please explain how to do step 4, i.e
"Set the MIME type for the directory where the certificate is to application/x-x509-ca-cert."

THANKS

Kaz said...

Setting the MIME type on a directory is done from the Web Server. In case of Microsoft IIS - you go to MS IIS administrator and press "properties" on the directory.

There you have the option to add a MIME type. I dont know how to do it on appache :-)

Sam said...

Your instructions are spot on! But I still have a problem with Exchange communication, whenever I try to connect using Mail For Exchange on my Nokia E90 it alerts me that this an untrusted certificate is being downloaed from the server, what could be causing this. I have spoken to O2 my supplier and they haven't got a clue?

Kaz said...

i have not tried mail for exchange so cant tell.

Anonymous said...

Hello. Just got the E90 and want to setup Mail For Exchange but cannot get the certifcate installed (generated by our Exchange 2007 server). I dont have a web server and dont know how to get the certificate on my phone. Is there any other way to get it loaded?

Thanks!

Fredrik said...

I had the same problem, but I didn't have a self signed cert, but a real cert. my root ca was not in the nokia device.

When my device asked me to verify the cert I found the UTN-USERFirst part, and went to the Comodo site.

installing this cert worked for me.

(using the nokia webbrowser)
http://crt.comodoca.com/UTN-USERFirst-Hardware.crt


/Fredrik

Confucious said...

I don't have a web server so downloaded my cer to my PC, renamed it to .der then copied it to my phone using pcsuite and ran it. It seemed to install OK but I still can't browse to my website so it obviously hasn't worked.

Do you know how I can sort this?

Thanks for your help.