Discussion Board

Results 1 to 7 of 7
  1. #1
    Registered User
    Join Date
    Jun 2006

    MailforExchange and certificates

    Hello everyone.

    I have a specific problem that regards the MailforExchange-client for the new E-series and security certificates are not pre-installed in the certificate manager in any of the E-phones.

    The problem is that when I try to use the MailforExchange-client on a secure server, the client prompts me that the server has sent an unidentified certificate. I can simply ignore this and choose to continue. However, everytime the mail server sends a mail or contact information, the client prompts me that server has sent an unidentified certificate. If the client is idle for too long, it freezes and becomes unusable. The only way to fix this is to completely reset the phone *#7370# and start from scratch.

    This problem could be solved if I would be able to install the certificate that the server has installed onto the phone.

    Does anyone know of a way to install certificates OTA or locally through a computer?

    I would greatly appreciate if anyone could help me with this problem or if you need a clarification on the problem then let me know. Thanks in advance!

  2. #2
    (Retired) Nokia Developer Admin.
    Join Date
    Jan 2006

    Re: MailforExchange and certificates

    This message has been added to the questions for Risto Helin, who is in charge of Forum Nokia Signing and certification.

  3. #3
    Regular Contributor
    Join Date
    Aug 2004
    East Coast, USA

    Re: MailforExchange and certificates

    you can export the certificatefrom your web-browser and bluetooth it to your device.

    for example:
    on your pc browse to your exchange server oma/owa site. e.g. https://myexchange.com/exchange/

    click onto the lock symbol on the bottom bar, go to the detailss tab and choose "copy to file". Choose "DER eoncoded binary". (this is with IE, similar with firefox)

    bluetooth or email this file to your phone. Then go to the messaging app and open it up and it will be added to your device. If all is well, the certificate is now added to your phone, some certificates are not understood by the phone, then you will get an error when opening it up)

    good luck,


  4. #4
    Registered User
    Join Date
    Oct 2006

    Re: MailforExchange and certificates


    please look at http://www.allaboutsymbian.com/forum...t=48061&page=2

    - export the .cer certificate
    - use OpenSSL to convert the certificate to .pem, using the command (in dos): openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem
    - convert the .pem to .der using command : openssl x509 -outform der -in MYCERT.pem -out MYCERT.der
    - copy the .der cetificate to the website root directory (recommended) or copy it to a newly created directory - or if you have some web page ...
    - set the directory MIME types to application/x-x509-ca-cert for .der extension - on your server !!! very important
    - browse the file using the E61 built in web browser, the certificate will install automatically

    point like - http://myserver/name.der

    It worked on my E61 today ... certificate was imported, but still have problem to connect to our https://mail.xxx.xx via OPERA or Internal nokia browser. But it works properly with Opera mini browser.

    I couldn't make it work properly with mail4exchange... always error if connect from internet - but it works from intranet without SSL...


  5. #5
    Registered User
    Join Date
    Oct 2006

    Re: MailforExchange and certificates

    anybody have experiance on mail4exchange - how to make it work on https:// connection and use of certificates ...



  6. #6
    Registered User
    Join Date
    Dec 2006

    Re: MailforExchange and certificates

    Is there any massive updates for using certificates with m4e?
    I've been fighting with this issue for a couple of days.

    I've tried this .cer -> .pem -> .der instructions but had no results.

    The only certificate I've got working is one bought from the netsolssl.com.

    Certificates made by openssl or selfssl are not functioning for me or I'm not experienced enough to get them work right...

    If anyone has any suggestions about how to import these self-signed certifications please tell me please.

  7. #7
    Registered User
    Join Date
    Jan 2007

    Re: MailforExchange and certificates

    I have been having problems with this too and have managed at last to get it working with an SBS server. Here follows what I hope is the sequence that I used, but be aware that you try so many adjustments, there may be extra or less steps isnvolved.

    I followed all the instructions on the net and was successful in installing the cert, but the prompt messages kept appearing.

    We are using SBS server premium.
    I saw this web page which refered to certsrv directory which did not exist on my server.
    The default installation of my server did not have the windows component certification services installed, however the sbs certification wizard worked ok for pc's, so I followed the instructions on the web page, (note warning about name changes) right to the end. I checked from an external pc that the certificate was working.

    Then I browsed to https://mail.mydomain.com/certsrv/ and logged in as administrator.
    Select request a certificate
    Select user certificate
    Then select submit (With xp pro and explorer7 it says no futher details required at this stage, you may get different options.)
    Click ok to warning about scripting
    Screen then comes back saying certificate was issued and a link to install the certificate and click yes to the prompts.
    This then installed two certificates to my pc.
    Tools>Internet options>Content>Certificates
    There were two certificates installed a personal certificate and a root trusted certificate, I browsed to the root trusted certificate and exported in der format, converted .cer file to .der file using openssl as per web instructions, copied resultant file to root of server, modified mime types for .der files on server as per wen instructions, browsed to the file using native explorer in E61 which then gave me option to install which I did and voila it worked, only took me 3 days!
    Note the previous certificates I managed to install always had the local host name as the properties, whereas the final one use the correct fqdn used for webmail.
    From what this exercise has taught me there are 3 bits to certification, Authority, server and client. The client gets the client cert form the server and then warns if it cannot get to verify against certifying authority. The bit we need to install is the certifying authority to get rid of the prompt. Without the full cert services in the sbs there is some limitation which prevents us getting a correctly formatted certify authority, thankyou microsoft!
    Thanks to all the other posters, and good luck to anyone attemting their own configuration.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts