×

Discussion Board

Results 1 to 5 of 5
  1. #1
    Super Contributor
    Join Date
    Mar 2003
    Posts
    1,733

    Verifying Server Certificate

    Posted by Alok Gupta, alokg@mahindrabt.com
    on February 19, 2002 at 12:27

    I am using waplite's WTLS version Gateway.To verify the server certificate

    1.I need to have the CA certificate,now that certificate is in X509 format. How do I convert it to WTLS format? and is it necessary?

    2.Where do I import the certificate for verification in nokiasoftID reader or phone memory.It won't allow to be stores in NokiaSoftId reader.

    3.Can you suggest any utilities to create a certificate for the keys present in Nokia's WIM/SoftID.

  2. #2
    Super Contributor
    Join Date
    Mar 2003
    Posts
    1,733

    RE: Verifying Server Certificate

    Posted by Mobile Internet Toolkit Team, wap.toolkit@nokia.com
    on February 20, 2002 at 18:58



    : 1.I need to have the CA
    : certificate,now that certificate is in X509
    : format.How do I convert it to WTLS format?
    : and is it necessary?
    :
    You cant convert; certificates are signed by the issuing authority. CA cert can be a X.509v3
    certificate [X509], a WTLS certificate which is optimised for size, or a X9.68 certificate.

    : 2.where do I
    : import the certificate for verification in
    : nokiasoftID reader or phone memory.It won't
    : allow to be stores in NokiaSoftId
    : reader.
    :
    Import either into SoftID or PhoneMemory. Select CA option while importing into SoftID.

    : 3.Ca\n you suggest any
    : utilities to create a certificate for the keys
    : present in Nokia's
    : WIM/SoftID.
    :
    You can get client certificates for the SoftID/WIM keys from Entrust, Baltimore etc., using WPKI Client Registration process. See WAP WPKI Specs #7.3 Client Registration.

  3. #3
    Super Contributor
    Join Date
    Mar 2003
    Posts
    1,733

    RE: Verifying Server Certificate

    Posted by Alok Gupta, alokg@mahindrabt.com
    on February 21, 2002 at 14:52

    To request a certificate I need to generate a CSR.Whatever utility tools I have seen generate the keypair and then generate a CSR,Are there any tool or utilities which generate a CSR(Certificate signing Request) on the SoftID/WIM Private Key supplied by me.

  4. #4
    Super Contributor
    Join Date
    Mar 2003
    Posts
    1,733

    RE: Verifying Server Certificate

    Posted by Mobile Internet Toolkit Team, wap.toolkit@nokia.com
    on February 21, 2002 at 19:19

    The format of the CSR is defined in PKCS#10. CSR contains the distinguished name and public key for a particular subject and is signed using the private key of the subject. This works well in the wired model.

    But the basic WAP model is that the client connects to the PKI portal and then uses the relevant private key (via WTLS or signText) so that proof-of-possession can be verified using the corresponding public key. The client MAY then supply further information, or the PKI portal MAY derive further information from other sources. The PKI portal MAY then re-format the public key and other information into a certificate request to be sent to a CA. This request MAY use PKCS#10, CMP or CMC formatting as appropriate.

    The public key to be certified is transferred to the portal using either WTLS (as described in Section WAP WPKI 7.3.1)
    or SignText (as described in Section WAP WPKI 7.3.2).

    So there is need for the client to generate CSR for obtaining certificates(If you still think its a good tool we will support in our future versions). PKI portals that support client registration must be live now, but I dont know one, If you come across any, please post here.

  5. #5
    Super Contributor
    Join Date
    Mar 2003
    Posts
    1,733

    RE: Verifying Server Certificate

    Posted by Alok Gupta, alokg@mahindrabt.com
    on February 22, 2002 at 13:59

    Thanks again Anil for such a detailed explanation.I agree with you,but if I do not have access to any live portals,I cannot use any other user or non repudiation certificate as to get these certificates I need a CSR,It would be very helpful if a is facility available with mobile internet toolkit which generates an CSR for the Non Rep certificate available.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×