
Installation Root CA on Nokia E61 Made Easier

From this day on, you can install certificates from non-trusted CAs on your Symbian-based phone (like the Nokia E61) using this page euh.. this page.

UPDATE: it seems that most other phone brands and types work as well (the S40 based devices are left out… sorry).

All you need to do is make sure that the certificate is in the DER format. The webpage doesn’t verify if the certificate is in the correct format. This is up to the uploader.

I created this page, because I work a lot with digital certificates, so I don’t want to be bothered with the workaround described in the earlier post.

The current version is quick-and-dirty (no error messages). I’ll try to make it more user friendly in the next couple of days (like having the option of sending the URL to an e-mail address). Just make sure that you obey the guidelines shown on the page, and all should go well.

Feel free to add a comment on how to improve this.

UPDATE: This works on (almost) every Symbian based (Nokia) phone. It has been tested with a couple of phones from the Nokia E and N series.

  1. derek
    June 24th, 2007 at 16:25 | #1

    Like many people I have spent ages trying to get my E61 to work with my Exchange Server. I originally managed it about 6 months ago but had to reconfigure the server, since when I get nagged about the untrusted cert error. I have tried turning off SSL on the phone but this only works for a few hours before it fails to sync.

    I have tried your method but although the cert seems to install, it doesn’t resolve the error.

    Any more help as to what certificate I should be submitting very gratefully accepted…

    Currently my server is configured with the Wizard in Small Business Server 2003 as mail.MYDOMAIN.co.uk but when I submit a cert (exported from entering https://mail.MYDOMAIN.co.uk/Exchange and clicking on the padlock in IE) it shows up as a cert called MYSERVER.MYDOMAIN.co.uk which I assume is where things are going wrong…

  2. June 24th, 2007 at 22:18 | #2

    Hi Derek,

    your assumption is right. The ‘Common Name’ in the certificate doesn’t match the URL (the first part). This will always show a warning. The problem is that the Nokia browser isn’t very clear on that.

    The only proper way to correct this is to get a new certificate for the right URL. So you need a certificate for mail.MYDOMAIN.co.uk.
    I don’t know if you have a commercial certificate or a so-called self-signed certificate. My guess is that you have a self signed certificate at the moment, since it’s called MYSERVER.etc. Create a new one and import it and all should be working again without annoying warnings.

    Hope this helps.

    B.t.w. it’s possible to have more than 1 certificate on the server, so there’s no need to remove the other one. You can still use that one for other purposes (if you have any). Just ‘bind’ the new one to the website which serves the OWA interface.

  3. derek
    June 26th, 2007 at 13:29 | #3

    Thanks for the reply. It’s more than I got from Nokia…..

    I have tried to do what you say and after running the Internet and Email wizard in Small Business Server 2003 I have created a new certificate in the name of mail.MYDOMAIN.co.uk (using the domain I give in my email address). This seems to work for my email on a pc without error but when I login to https://mail.MYDOMAIN.co.uk/exchange on a pc I export a cert using the der option which gives me a .cer file. I then run it through your online tool and access it via a browser on my Nokia where it installs. However, the certificate problem still pops up every time…

    This is a real pain…. Do you have any ideas what I can be doing wrong?

  4. Willem
    June 26th, 2007 at 13:44 | #4

    Hi Derek,

    I think I found your problem. Your certificate is signed by a CA. You need to export the CA certificate and import that one on your phone. I checked the logs on my server and you’ve uploaded the certificate for the mail server. You should have used the issuing CA.

    The best way of accomplishing this is to open the certificate on your server. Check the tab ‘Certification Path’. This should show a chain of certificates.
    Double-click the top one (that’s the issuing CA). Open the details tab on the newly opened certificate window and click the ‘copy to file’ button to export it in the DER based format.
    Upload that certificate, and import it on your phone.

    The reason for receiving errors is that the Nokia validates the certificate. It sees that the certificate (with the correct DNS / Common Name in the subject field) is issued by a CA (your root CA), but it has no knowledge of this CA. That’s what is causing the error/warning.
    I guess that the small business server does something in the background when using certificates. Just to offload the burden on the certificate creation/maintenance process.

  5. derek
    June 26th, 2007 at 15:47 | #5

    I must be doing something wrong here…

    Here’s what I do…

    Open IE on server. Type in https://mail.MYDOMAIN.co.uk/exchange
    Click on padlock to open cert
    Click on Certification Path
    I am then shown a cert saying mail.MYDOMAIN.co.uk in the top box and “this certificate is ok” in the bottom (status) box. This is the only cert shown and I can’t open it by doubleclicking on it..

    Your help is very much appreciated…

    dc

  6. derek
    June 26th, 2007 at 17:06 | #6

    My last post seems to have gone walkabout..

    This is what I have just tried..

    I opened IE and entered https://mail.MYDOMAIN.co.uk/exchange
    Clicked on the padlock and then the certification path tab.

    This tab just has “mail.MYDOMAIN.co.uk” in the top (path) box and “this certificate is ok” in the lower status box.

    I can’t double click on this cert (or anything else).

    I’m obviously doing something fundamentally wrong here. Any ideas what??

  7. June 26th, 2007 at 18:27 | #7

    Hello Derek,

    When I examine the certificate, it shows 5 CN (Common Name) entries in the subject field. The last CN entry contains the proper name for the server. When I tried to import it into my Nokia, it shows the wrong Common Name. In fact it just displays the first Common Name. Since the displayed Common Name is different from the actual Fully Qualified Domain Name, it’s quite logical that you receive an error that the certificate doesn’t match the URL you’re visiting.

    I guess that the Nokia doesn’t like the set of multiple Common Names in the subject field, and it just picks the first one it sees (the wrong one).

    Normally a (Windows) certificate has a subject that contains the following entries:
    CN=mail.domain.co.uk
    DC=Domain
    DC=co
    DC=uk

    or if you’re using a ‘normal’ non MS certificate:
    CN=mail.domain.co.uk
    OU=organization unit
    O=organisation

    I don’t know the certificate generation process of the MS SBS, but try if you can generate a certificate with only 1 CN (with the proper name). Alternatively, you may try to use OpenSSL to generate a self-signed certificate. There are lots of tutorials on that.

  8. derek
    June 26th, 2007 at 19:52 | #8

    I’ve tried changing the common name to the fqdn but after I changed the server name in my Nokia settings to this fqdn it just won’t sync. Are you sure this fqdn is right? It seems to end in .local which doesn’t seem right to me..

    dc

  9. derek
    June 26th, 2007 at 20:29 | #9

    I’ve had to go back to mail.domain.co.uk to get mail to work properly. I can either trust the cert manually each time (which is a pain) or turn off ssl on the phone which only works fitfully and obviously isn’t an ideal situation..

    Seems that I’m stumped…

    dc

  10. derek
    June 27th, 2007 at 01:14 | #10

    Thanks for your email but it seems that my server must be messed up when it comes to certificates. I’ll try and find a solution…

    dc

  11. derek
    June 28th, 2007 at 12:28 | #11

    I have tried dealing with Godaddy.com but they refuse to accept emails from me for some bizarre reason or other. I think I will just leave the SSL option turned off on the phone. As long as I turn it on first thing in the morning for the first sync and then turn it off again it seems to work fine for the rest of the day or as long as the phone is left on..

    Not ideal but I’m fed up trying to sort this out.. Is there a way to turn off the ssl requirement on the server?

    dc

  12. June 29th, 2007 at 12:30 | #12

    Hi Derek,
    I have no idea on how to turn off the SSL requirement on the SBS. Guess you’re left with google on that one.
    B.t.w. strange that GoDaddy refuses your e-mail. You might be on a blacklist or something.

  13. derek
    June 29th, 2007 at 13:28 | #13

    Success… I have finally managed to get the certificate trusted.

    Here’s how I got my Nokia to accept the certificate as trusted. It may not work for everybody but it worked for me and after the past week of messing about I am truly grateful for that…

    Basically, I uninstalled then reinstalled Certificate Services through add/remove programs. I then followed the advice on this site (below), but only as far as requesting a cert through IIS Manager.

    http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

    I followed the advice until this section (mainly because it wouldn’t allow me to request a cert through IE on the server…)..

    “Getting the Pending Request accepted by our Certificate Authority”

    I then opened “certification authority” on the server (through administrative tools) and right clicked the cert authority which will have the same name as the cert you had just requested and selected properties. In my case, something like mail.mydomain.co.uk…

    Under the General Tab I highlighted “certificate#0” in the CA Certificates box and clicked “view certificates”.

    This opens the cert and I then clicked the “details” tab and saved the cert to a location using the “copy to file” button.

    Using the wizard I selected the first option “DER encoded binary x509(.cer)”, gave it a friendly name, saved it somewhere handy and closed the wizard.

    I then copied the file onto a pc with the Nokia PC Suite installed and copied it to the documents folder (although any one will do). I guess you could bluetooth or email the cert as well..

    I then browsed to it on the phone, clicked on it and it let me save it automatically into the certs folder. I restarted the phone, checked SSL was on and bingo the certificate was trusted and remains working today… You might have to delete an existing cert if you already have one installed as it won’t let you overwrite it..

    As I say, I can’t say this will work for anybody else as I have probably fiddled around with the server so much it has gone west in some respects, but it works for me and that’ll do for now…

    dc

  14. derek
    July 2nd, 2007 at 18:18 | #14

    There is a bit I left out when working through the exchange tutorial above…

    When using the Certificate Services and entering a common name (mail.mydomain.com, say) change the box below (the distinguished name suffix) to…

    DC=mydomain,DC=com

    Then carry on as before…

    This seems to give you 3 rather than 5 entries in the resulting certificate which seems to solve the problem…

    dc

  15. July 5th, 2007 at 09:25 | #15

    Thanks a lot Willem. Your website helped me a lot. And finally I got to install the certificate on my Nokia E65. But still there are problems:

    When i set the exchange server properties to my local exchange server (sample_exchange_server.domainname.local) & using my WLAN connection in my office ; emails are directly pushed to my mobile without any certificate problems. :grin:

    The real problem arises is when I am out of office & I am using a gprs connection. In these situations I set the exchange server to http://www.mycompanyname.com & connection to GPRS. I can get the emails pushed to my mobile, but every time I get this certificate authentication popup & I have to press continue now & then. This is really a pain & annoying.

    The certificate issued by my OWA (www.mycompanyname.com/exchange) & my local exchange server (sample_exchange_server.domainname.local) are the same. In addition the certificate issued only has one root (no multiple roots).

    It’s only me having this problem. My colleagues who have Windows Mobile PDA(Imate & O2) don’t have any crappy certificate issues ( this proves that our certificate is stable & has no problems). For your info we are using a SBS 2003 self signed certificate. We have implemented push email technology in over 5 companies using Imates (or a windows PDA device). Why Nokia has to be a pain.

    I would be eagerly waiting for your feedback. Please help me out

    Thanks a lot in advance

  16. July 11th, 2007 at 19:51 | #16

    Hi Muneer,

    your comment ended up in the spam container, sorry about that.

    let me see if I understand your challenge;
    Your corporate OWA is accessible through your intranet using xyz.domain.local. The SAME OWA interface is also accessible through the internet by using whatever.domain.com.
    Both interfaces use the same certificate. What is the common name in the certificate?
    Is the certificate issued by the same certificate authority, or is it a selfsigned certificate?

    So I could use a bit more info on this.

    You may mail me directly by using willem @ [thiswebsite].com if you’re reluctant to share certain info with the rest of the world.

    B.t.w. Microsoft devices tend to remember earlier settings made by the user, so if you accept the ‘illegal’ certificate once, it will probably accept it (silently) the next time.

  17. Daniel
    July 13th, 2007 at 22:43 | #17

    Willem, I tried upload Equifax and Thawte certificates at your http://www.redelijkheid.com/symcaimport/ - not work on my Series40 phone. Can you (or somebody) convert these certificates from DER to WPKI hashed format? I will send it with email attachment…

  18. July 13th, 2007 at 23:46 | #18

    Hi Daniel,

    pffff, no idea what the WPKI form exactly is, but I might give it a shot?

    http://forum.nokia.com/main/resources/technologies/browsing/support/phone_security_faq.html has some suggestions. I’ll try to incorporate them in my download page, so it supports S40 and S60 phones.

  19. Daniel
    July 15th, 2007 at 17:00 | #19

    Willem,

    I tried your changed import-site, but no work for me. Sorry. Obviously, result must be in WPKI format and server MIME type application/vnd.wap.hashed-certificate. Tnx for effort.

  20. July 15th, 2007 at 17:16 | #20

    Hi Daniel,

    could you try it again? I made some modifications to the HTTP headers on the server. Don’t think it will make much of a difference, but one can always hope.

    B.t.w. there is a lack of information on the Internet about WPKI conversion…..
    Anyone with more info about this?

  21. Michal Bochenski
    August 24th, 2007 at 22:54 | #21

    Hi Willem.

    I just want to thank you for your work. I used your site with my N73 Nokia phone. Everything is works now!

    Thanks again!

    Best,
    Michał

  22. September 10th, 2007 at 16:26 | #22

    Would it be possible to get a copy of the perl/php or whatever code is driving the script on that page please? Would like to host a local copy for doing some of my certs if possible. I tried just setting the MIME-Type to application/x-509 or whatever was recommended by Nokia but couldn’t figure it out in Exchange, I might play with Apache this afternoon but I thought it might be easier to just get the script ;)

    PS: This page was very useful in getting my N95 to work, although it took me a while as there are lots of bits and pieces with lots of misinformation all over the net. I’m writing up a full howto on how to configure MS Certificate Services and the process to get this to work with the N95s now… Don’t have anywhere to publish it yet though.

  23. September 10th, 2007 at 20:29 | #23

    Hi Chris,

    I used Coldfusion for those pages and I configured IIS to return the proper MIME setting to the browser.
    If you want the coldfusion source code, I’d be more than happy to provide it. My e-mail address can be found on the ‘About the Owner’ page. We can discuss the other part by e-mail if you like.

  24. me
    September 11th, 2007 at 10:57 | #24

    Guys,

    maybe the dumbest question of the day…but is there a way to edit a certificate ?

    Mine has extra CN= lines in the subject field and i have no idea how to remove this….

    Ideas?

  25. September 11th, 2007 at 13:02 | #25

    Derek @ June 29th, 2007 at 1:28 pm had a similar problem. He solved it by reinstalling the certificate services etc. Have you tried his solution?

  26. September 15th, 2007 at 00:30 | #26

    Hi willem, thanks for the solutions. I ve been messing a couple weeks just to get the certificate installed on nokia devices. It really help me out that ur page do the work for me, and it works like a charm, thanks so much…btw, can i implement the script on my server (with credit for you :wink::wink: for sure ) thanks in advance.

  27. September 15th, 2007 at 09:27 | #27

    Hi Othman,

    I made the files available for everyone (I had several requests in the last week). You may download them here.

  28. Linda
    October 22nd, 2007 at 16:16 | #28

    Many thanks for this tool which has solved our problem with the Nokia E65. Really appreciated. From Linda in South Africa

  29. Greg
    November 5th, 2007 at 23:49 | #29

    Does anyone know whether it is possible to export a CA certificate from a Nokia E61? Thanks.

  30. November 6th, 2007 at 09:10 | #30

    Hi Greg, as far as I know there’s no export function available.
    Commercial root CA’s must be available for download at the CA’s website (e.g. https://www.verisign.com/repository).

  31. Filip
    November 15th, 2007 at 08:36 | #31

    Can the tool also convert from X.509 DER to WPKI? I have a Nokia 6021 which only supports WPKI.

  32. November 15th, 2007 at 09:39 | #32

    I’m afraid not. I still haven’t figured out on how to convert the formats. Sorry

  33. Claus
    December 5th, 2007 at 19:41 | #33

    Nokia N95 8GB certificate import.
    I used this page and apparently successful.
    I´m puzzled though. When I look at the certificate before I upload it. it shows the url I use for webaccess and Outlook using RPC over https. But when I look at the certificate on the phone, it shows the local name of my server with domain name. !?
    Still M4E does not work but says system error, try again later.
    What to do then?

  34. December 6th, 2007 at 14:16 | #34

    Hello Claus,

    the SSL certificates that are generated for Outlook stuff contains multiple Common Names ‘CN’ or additional ‘Subject Alternative Names’. Apparently, the Nokia interface only shows one. My guess it’s the first. Just open the certificate on a windows platform and take a look at the details.

    no idea what you mean by ‘M4E’ though.

  35. Matthias
    December 11th, 2007 at 17:07 | #35

    Hello Willem,

    I found your website the most useful one (and I visited a lot to this issue), but when I use your service and try to download the changed Certificate from your urls, my Nokia E51 (s60 3rd) says “dateifehler” (Fileerror) and it the import into the certificate store fails. It doesn’t matter if you use a der or cer ending. Nothing of those worked. Perhaps you will see it in the logs called cfs.cer or cfs.der. It is a self signed certificate, which works fine on Windows Mobile our admin says.

  36. December 15th, 2007 at 12:00 | #36

    Thanks for this great tool!

    Made getting my phone and clients phones working with Exchange a breeze!

    Cheers and Merry Xmas,

    Greg Lipschitz
    Summit IT Management
    Melbourne, AU

  37. Hilko
    January 2nd, 2008 at 00:45 | #37

    Thank you very much for your perfect tool! Incredible how many people lose so much time with bad software and arrogant companies - and how easily it could be saved. Thank you again and good luck for 2008! Hilko

  38. drhu
    January 6th, 2008 at 17:08 | #38

    It is painful to pay for the midlet to sign? Why should we pay it? It is my phone, if I want to install some application that I developed, why should I pay Verisign money!!! And also I hate the operators that disabled the J2ME API. Why? Because some API be disabled on purpose by the operator, like AT&T. For example, nokia phone model 6085, when release in other country you can access getSnapshot() while in US you can’t. Why the AT&T or cingular disable the getSnapshot API. It is my phone and I as the owner of the mobile phone, should control the phone myself. Agree?

    Willem,
    We definitely hope your tool can solve the S40 problem. I have Nokia 6085. From what I read on Internet, it requires WPKI format.

  39. January 6th, 2008 at 17:22 | #39

    Hi drhu,

    it is possible to get a symbian developer kit to sign your own applets. Problem is that the app only works on your own phone (it’s IMEI number dependent). I played around with it with some apps and it works fine. So the VeriSign or other commercial CA certs are only required if you go commercial with your app.
    In the meanwhile I’ll fool around with the WPKI format. There are some commercial tools around which can do the conversion, but since I’m dutch….. I refuse to pay, and will find a way around it :)

  40. drhu
    January 6th, 2008 at 18:06 | #40

    Hi Willem, Would you please be more specific how to enabled my nokia 6085 phone have the access getSnapshot()?

  41. drhu
    January 6th, 2008 at 18:26 | #41

    Download for S40

    You may use the following link to download your uploaded certificate (ca.cer) on your phone:

    http://www.redelijkheid.com/symcaimport/ca/h3k88ec8.cer

    Mail the URL

    NOTE: Please verify the certificate details (e.g. the fingerprint) to make sure you install the correct certificate.
    Installing the wrong CA might render you vulnerable to man-in-the-middle attacks.

    Process another certificate or back to the blog

    ++++++++++++
    when I download the above link on my phone, it says “The requested page can not be displayed”

  42. Danny
    January 10th, 2008 at 10:50 | #42

    I uploaded my cert file, and tried to access. When I try to save, I am told the “New certificate might me unsecure. Save anyway?”, and then told “Certificate already existst”.

    however, whenever I try and sync, I am told “Untrusted Certifiate received from server. Please contact you system admin”

    Am I missing a step here?

  43. Danny
    January 10th, 2008 at 11:21 | #43

    I got it working: I had to get the intermediate certificate installed on my phone.

  44. January 10th, 2008 at 18:43 | #44

    Hi drhu,
    It doesn’t surprise me that the S40 phones aren’t working. The technique I used was purely theoretical. However, there’s some light on the horizon. I asked a friend to write a WPKI converter which I can implement in the download tool.
    Downside is that there’s not much info on the subject, so it might take a while.

  45. February 11th, 2008 at 12:55 | #45

    Just wanted to drop u a line.. Been working on cert issues via activesync on my N95 but now after 3-4 months of no SSL connection I finally got it :)

    Thanks a bunch

  46. Ignacio
    February 18th, 2008 at 12:57 | #46

    Hello!

    I want to say BIG thanks to derek (and of course to Willem).

    derek, I followed your instructions and I finally have my certificate trusted from my Nokia E51/E90. I am using SBS2003 too.

    I was simply bored trying to manage this to work and I was using Road Sync (which can work without certificate) instead built-in Nokia’s Mail for Exchange.

    THANKS, THANKS!!! :D

  47. March 4th, 2008 at 13:22 | #47

    Hi,

    Have a similar problem with import certificates. Except when i download the file from the web my phone keep saying “File Corrupt”.

    I have tried using your web solution and also uploading files to my own web space and setting the MIME types. Both ways i get the same result.

    Anyone have any idea why it says corrupt?

    Thanks
    Brian

  48. March 5th, 2008 at 07:47 | #48

    After scanning through support FAQ, nokia’s site I eventually found your free service, worked like a charm on the Nokia N82! Thanks, my paypal account needs certification otherwise I would have donated, will donate as soon as mine is up and running. Nokia owe you BIG!

  49. onur
    April 5th, 2008 at 22:35 | #49

    Here is my dilemma…

    I am running my own server with a self signed ssl certificate for the exchange server. Any way to import the ssl certificate (either through my IIS or this web site) gives me the error “FILE CORRUPTED” . I know the file is fine since I imported it into a WM6 device OTA via IE and IIS without any problems. What am I doing wrong?

  50. April 6th, 2008 at 20:59 | #50

    Make sure that the certificate format is in DER format (binary) and not in the readable BASE64 format.

  51. nikola
    April 12th, 2008 at 13:40 | #51

    i have the nokia n73 and i have installed the first certificate with no problems but now i want to install another one and the phone says that the certificate is damaged. does anyone know why that is?

  52. April 13th, 2008 at 22:04 | #52

    It’s either in the wrong format (base64 instead of DER), or you’re missing a root or an intermediate certificate.
    More and more certificate chains consist of more CAs. A root CA, and an issuing intermediate CA. Just verify the ‘issuer / issued by‘ field in the certificate to verify the actual chain. And import the certificate of the CA you’re missing.
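
Added example (not part of the original post or comments, and not the SymCAimport tool's code): a standard-library Python pre-upload check for the causes diagnosed in comments #7 and #52, namely base64/PEM instead of DER, several CN entries in the subject, and a certificate whose issuer is a different CA. The function names and the sample certificate (CNs `Example-CA`, `SERVER01`, `mail.example.test`, dummy key and signature) are constructed for illustration; signatures are not verified.

```python
import base64
import hashlib

OID_CN = bytes.fromhex("550403")  # 2.5.4.3 commonName
PEM_HEAD = b"-----BEGIN CERTIFICATE-----"
PEM_TAIL = b"-----END CERTIFICATE-----"


def tlv(tag, value):
    """DER-encode one element (only used to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(nb)]) + nb + value


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length


def children(buf, start, end):
    """List (tag, raw_start, value_start, end) for the elements in buf[start:end]."""
    out, pos = [], start
    while pos < end:
        tag, s, e = read_tlv(buf, pos)
        out.append((tag, pos, s, e))
        pos = e
    return out


def common_names(buf, start, end):
    """Return every CN value of a Name, in the order it is encoded."""
    cns = []
    for _, _, rdn_s, rdn_e in children(buf, start, end):      # each RDN (SET)
        for _, _, atv_s, atv_e in children(buf, rdn_s, rdn_e):  # type + value
            (_, _, o_s, o_e), (_, _, v_s, v_e) = children(buf, atv_s, atv_e)[:2]
            if buf[o_s:o_e] == OID_CN:
                cns.append(buf[v_s:v_e].decode("utf-8", "replace"))
    return cns


def inspect_upload(data):
    """Report fingerprint, subject CNs and likely import problems for one file."""
    findings = []
    if data.lstrip().startswith(PEM_HEAD):
        findings.append("base64/PEM, not DER: convert before uploading")
        body = data.split(PEM_HEAD, 1)[1].split(PEM_TAIL, 1)[0]
        data = base64.b64decode(b"".join(body.split()))
    tag, s, e = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an X.509 certificate")
    tbs = children(data, s, e)[0]
    fields = children(data, tbs[2], tbs[3])
    if fields[0][0] == 0xA0:  # optional explicit [0] version field
        fields = fields[1:]
    issuer, subject = fields[2], fields[4]  # after serial and signature alg
    cns = common_names(data, subject[2], subject[3])
    if len(cns) > 1:
        findings.append(f"subject has {len(cns)} CNs; a device that shows "
                        f"only the first will display {cns[0]!r}")
    if data[issuer[1]:issuer[3]] != data[subject[1]:subject[3]]:
        findings.append("issuer differs from subject: not a root, so the "
                        "issuing CA certificate must be imported as well")
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "subject_cns": cns, "findings": findings}


def sample_cert(issuer_cn="Example-CA", subject_cns=("SERVER01", "mail.example.test")):
    """Constructed sample: well-formed DER with a dummy key and signature."""
    def name(*cns):
        return tlv(0x30, b"".join(
            tlv(0x31, tlv(0x30, tlv(0x06, OID_CN) + tlv(0x0C, cn.encode())))
            for cn in cns))
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010105")) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"070624000000Z") + tlv(0x17, b"080624000000Z"))
    dummy_bits = tlv(0x03, b"\x00" + bytes(16))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + name(issuer_cn) + validity + name(*subject_cns)
              + tlv(0x30, alg + dummy_bits))
    return tlv(0x30, tbs + alg + dummy_bits)


if __name__ == "__main__":
    report = inspect_upload(sample_cert())
    print(report["sha256"], report["subject_cns"])
    for finding in report["findings"]:
        print("-", finding)
```

The SHA-256 value is computed over the DER bytes, so it is the same whether the file was supplied as PEM or DER and can be compared against the fingerprint published by the CA.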

  53. Nikola
    April 15th, 2008 at 21:16 | #53

    oke thx but i have one more question. i have made a certificate with the s60 3rd edition fp2 sdk using the makekeys command and all the certificates i have made so and submit it to this site and after the download is done on my phone nothing happens, no option to save the certificate. other certificates i can save with no problems. what can be the problem?

  54. Derek (not that one!)
    April 22nd, 2008 at 13:19 | #54

    Juz wanna say thanxs.

    used your site to get certs on 8 nokia phones, how else do they do it?

    ;-)

  55. mua30
    April 24th, 2008 at 10:53 | #55

    dear sir,

    I have nokia e65, I had installed mail for exchange on my mobile. i had configured my mobile as follows :
    server : webmail.apl.com
    secure connection : Yes
    access pint : weireless
    use default port : Yes

    The problem is, when I am trying to connect, i am receiving “Secure connection required, set the secure connection to Yes in profile”, although its already set to Yes.

    After searching on the net, i find that i must install web cert. from webmail server ( pls note that the web server is powered by the mother company in US, and I don’t have exchange here). I went to my OWA site, and transfered the web certificate in der format. but when transfered it to my phone and try to install it, i got this error
    ” Save Certif.: featuer not supported”. In the security panel on the phone, i went to entrust CA, and set the settings of it to Off.
    But still unable to connect to exchange server.
    Any Guide pls

    thx … mua

  56. April 24th, 2008 at 19:08 | #56

    When you open the certificate with notepad, is it ‘readable’. If so, you need to convert it to the binary format (lots of hints on that via google).
    I checked your OWA website and adding the Entrust (root) CA should be the only CA you need to add.

    I don’t have any experience with the exchange connector on the Nokia, so I can’t reproduce this. Sorry on that.

  57. mua30
    April 27th, 2008 at 10:20 | #57

    Willem,

    for my reference, it should be exported in 64 based format! if so then its text file, one more thing i had noticed, when exporting the certificate, it doesnt contains the keys, it IE behave.

    thx n rgrds…mua

  58. vigneron
    May 17th, 2008 at 17:43 | #58

    Perfect! Has been done at a glance.
    Saved a lot of time, thank you so much!

  59. Kaelidan
    June 2nd, 2008 at 19:14 | #59

    THANK YOU! THANK YOU! THANK YOU! THANK YOU! THANK YOU! THANK YOU! =D I was going NUTS with this!

  60. david
    June 7th, 2008 at 02:22 | #60

    I’m trying to install a Thawte code signing certificate on my nokia 6131 nfc (s40 3rd ed.).

    I got a Thawte code signing certificate from http://www.thawte.com/roots (I also tried with exporting thawte and verisign certificates from IE). I check valid usages and code signing is there.

    I succeed by using the site http://www.redelijkheid.com/symcaimport/index.cfm, surprisingly just if I use the “S60 device” option.

    I downloaded the .der cert on my PC. I check valid usages and code signing is there.

    However, once the certificate is installed on my phone (I downloaded from the website), I check the allowed uses: Application signing is unchecked!!! and I cannot check it! I also tried to install an application (opera mini 4.1) signed with thawte without success.

    I guess just the 6131 nfc certificate manager does not allow for other code signing certificates than the nokia ones. Does anybody know another method to install code signing certs in s40?

  61. Kermit007
    June 18th, 2008 at 15:23 | #61

    Hello.
    I’m trying to do anything with certificate and Active sync on E61 and last MFE, but without results.
    May be something wrong with my Certificate? https://mail.rmg-media.ru

    E61i ask me about untrusted certificate again and again. I think and the last idea, that something wrong with certificate. Please, anybody help me.

  62. June 25th, 2008 at 08:56 | #62

    @ Kermit007
    Your certificate doesn’t have the proper common name. The current common name is:
    CN = RMG-CA

    The error you receive is that the URL displays a different name than the one contained in the subject field of the certificate.
    This should be mail.rmp-media.ru
    You may want to generate a new certificate with the proper CN value.
    (everything at your own risk (of course))

  63. lob2k
    August 25th, 2008 at 16:53 | #63

    Good for you for hosting this service. A lot of people probably have no idea how to install & run openssl or configure mime types. I’m sure you’ve saved hundreds of frustration hours already. Good job man.

  64. Sloopmeester
    September 9th, 2008 at 01:15 | #64

    Thnx for this, works great.
    Tested it on a E51 and it works.

  65. Sergio
    September 25th, 2008 at 11:55 | #65

    tried all the process on a nokia N95 8GB. when I download the certificate from my web browser in the telephone it says that the file is damaged. I can download the certificate on the pc but don’t have a clue how to install it from the pc to the phone. Can you tell me if there is a solution or if the certificate does not work with nokia N95 8GB?? thanks

  66. Brendan
    September 27th, 2008 at 20:47 | #66

    I was able to convert my certificates to DER by doing the command
    openssl x509 -in ca.crt -out ca-der.crt -outform DER
    and the N95 8GB liked them much better. The .crt suffix has to be on
    the file or it’ll see ‘.der’ or something else and decide to bring it up in the Notes viewer.

    I ran openssl x509 under Linux but I know there are Windows and Mac OS X ports of it as well. Tedious to have to do it on the command line, but still… :)

  67. Taj
    September 30th, 2008 at 18:29 | #67

    Just a question where does the modified certificate get stored on an N95.

    Taj

  68. September 30th, 2008 at 21:51 | #68

    @Sergio:
    most likely that the subject in the certificate contains more than 1 Common Name (CN). Try generating a certificate with one CN and try again.

    @Brendan: I’m looking into the possibility of combining OpenSSL in the SymCAimport pages. Just to give some more diagnostic feedback and/or to convert base64/PEM certificates to the binary form.

    @Taj: No idea. Probably in a (proprietary) certificate store or something.
    You can view (edit trust settings and delete) the installed certificates in the interface by going to: Menu -> Tools -> Settings -> General -> Security -> Certif. Management.
    Hope this answers your question

  69. Taj
    October 1st, 2008 at 12:38 | #69

    Thanks a lot. Deleted the certificate and tried again and works a treat.

  70. October 14th, 2008 at 17:35 | #70

    Hi there, Great idea. Will this work for a Nokia 5310 device that is based on Symbian OS S60?
    Best wishes,
    NEOCRON.COM

  71. October 14th, 2008 at 23:20 | #71

    It should work on any S60 based phone

  72. October 15th, 2008 at 11:22 | #72

    Thanks for the info. I’ll shuffle off and pick up the 5310

  73. Geert Nysmans
    January 7th, 2009 at 08:48 | #73

    Great tool : it also works with a Nokia N73 and a self signed certificate !
    Thankx

  74. JohnnyB
    January 23rd, 2009 at 00:12 | #74

    I just get an error when trying to install the certificate on my E71. It’s for use on my work’s wireless network. The admins have said they will try and assist me but have no experience with Symbian S60 devices. My work laptop has a trusted root certificate installed to connect to the network using WPA TKIP - PEAP, validating the server certificate and then uses MSCHAP-v2 authentication.

    I have a copy of the wap.cer which i believe is in the right format however whenever i try and install it i am unable to open the file : file not supported this happens both as a .cer and a .der

    Any support would be appreciated.

  75. January 23rd, 2009 at 14:14 | #75

    If you can open the certificate in Windows (by double-clicking it), it’s a relatively valid certificate. If that fails, the certificate is corrupt or has an unsupported format.
    If it opens in Windows, you should check if you can open the file in Notepad. If it opens, and starts with -----BEGIN CERTIFICATE----- it’s in the wrong format (PEM/BASE64). You should convert it to DER (binary) format before uploading it.
    Tips on converting it to DER format can be found here.

  76. Bernhard
    January 23rd, 2009 at 21:00 | #76

    Hello Willem

    Hopefully you can help me. I am running two 2008 domain controllers, one of them is a certificate server. I have created a new certificate and exported it in to Exchange 2007 and that is working ok. OWA is also working well. I exported out my https://mydomaincontroller/certsrv/certcarc.asp, marked it as a DER certificate and saved it to my desktop. I used your wonderful tool to install the certificate to my Nokia E65. That part is working as a dream. But my cellphone will not trust the certificate. What can be wrong? Can you look in your logs?

    Best Regards

    Bernhard

  77. Sajjad
    February 19th, 2009 at 17:58 | #77

    Hi Willem, has the import CA tool been tested with the E71? As it downloads the certificate and a ‘Save Certificate’ prompt appears, it is quickly replaced by a ‘File Corrupted’ message. Not sure if I have missed a step.

  78. February 19th, 2009 at 19:51 | #78

    @Sajjad:
    The error ‘File Corrupted’ has most likely to do with the certificate itself. The entries in the subject field might be acting up. I’ve seen this before (like 3 or 4 CN entries in the subject field).

    Any chance you can give me the URL of the certificate you uploaded (or mail me the certificate)?

  79. Sajjad
    February 20th, 2009 at 09:35 | #79

    Thanks for your response. I can see there are 3 lines in the subject field. The file is http://symcaimport.redelijkheid.com/ca/cf8eavp2.der

  80. February 20th, 2009 at 09:55 | #80

    @Sajjad:
    Your signature is sha512RSA. That’s the only real difference I can find with other CA’s. It’s possible that the phone doesn’t support that hashing algorithm.
    Are you able to recreate your CA (or create a temp CA) and use SHA1 as a signature algorithm, and try to import that one?

  81. Sajjad
    February 23rd, 2009 at 12:47 | #81

    Thanks Willem. I’m told that re-creating the CA will break the exchange server it supports so it’s not something I can test.

  82. TothLac
    February 24th, 2009 at 17:18 | #82

    Hi Guys,

    I hope someone can help me. We’re in the middle of an Exchange 2007 implementation. Everything works like a charm except ActiveSync on my Nokia E65 (iPhone, Windows Mobile devices, Nokia E51 are working).
    The problem is the following:
    We have a Certificate Authority and a Subordinate CA. The certificate for Exchange was issued by our SubCA. When I try to Sync my mailbox on a Nokia E65, I receive the following warning:
    “This site has sent an untrusted certificate. Continue anyway?” (If I select Continue then it syncs).
    Exchange ActiveSync is published with ISA 2006.
    The Listener certificate on the ISA server and the Exchange certificate is the same. I’ve already installed the RootCA, the SubCA and the issued certificate (what Exchange and ISA uses) on the phone. Still the same.
    What could be wrong? The published URL on the ISA is webmail.mycompany.com, the internal URL where the requests are redirected by the ISA server is casnlb.intra.mycompany.com. Could that be a problem, that the external and the internal URL isn’t the same so the phone can’t trust the certificate? If that’s the case, what can I do?

    Thanks in advance,
    Laci

  83. February 24th, 2009 at 18:55 | #83

    @Laci:
    it seems that the steps you followed are correct. In theory, you only need to add the Root CA. The subCA (or intermediate CA) should not be necessary, but it can’t hurt.
    It’s probably a naming issue. In the certificate you use, there’s a subject field with a (or more) CN values. The CN (common name) value needs to be the same as the hostname in the URL you use to access the website.
    In your case: If you connect from the Internet through the ISA server, the certificate on the ISA server should contain a CN=webmail.company.com in the subject field.
    I suspect that the actual CN is casnlb.intra.mycompany.com.

    There are several ways of resolving this;
    1) issue a new certificate for the ISA server listener with the correct common name, or
    2) you can use the subjectAltName field in a certificate to specify alternative names for the certificate (the CN could remain casnlb.etc, while the subjectAltName is webmail.mycompany.com)
    Either way, you need to re-issue a certificate with the correct information (if my assumptions are correct).

  84. Laci
    February 24th, 2009 at 20:02 | #84

    Hi Willem,

    I don’t think this is a naming issue. The certificate is a SAN cert with a lot of subject alternative names. The CN of the issued certificate is webmail.mycompany.com. (This CN is the same as the URL we use to access the website externally)
    The following entries are also included in the SAN certificate:
    casnlb (WNLB NETBIOS name)
    casnlb.intra.mycompany.com
    imap.mycompany.com,etc.

    Sorry! I’ve forgotten to mention in my previous post that we use Unified Communication (SAN) certificates.

    Waiting for you answer!

    Thanks in advance,
    Regards,
    Laci

  85. JohnnyB
    February 27th, 2009 at 11:59 | #85

    Well, following on from my previous post just over a month ago I have got no further. The admins at my site presented me with 2 certificates to try. One was the CA authority certificate, the other was distributed on all wireless devices to authenticate on the network.

    I can install the CA cert on my phone by simply copying it to my phone and opening it up, however I am still unable to authenticate with this. The other certificate I believe is the one I require for authentication, however when I try and install that to my phone I get the error “unable to open file : type not supported”.

    Very frustrating, i regret not getting a windows mobile based device as my iPAQ has no issues connecting at all.

  86. February 27th, 2009 at 12:12 | #86

    @JohnnyB: can you mail me the specific CA certificates?
    (willem at redelijkheid dot com)

  87. Kai
    February 28th, 2009 at 23:17 | #87

    hi…

    I’m using your tool and I have an E71. My problem is that the file is obviously corrupt. Datei fehlerhaft in German. I dunno what’s wrong… I exported the cer file in my Vista computer as DER… renamed it and all this… it didn’t work. I’m using the Nokia browser. What can I do…

  88. Kai
    March 1st, 2009 at 14:22 | #88

    Hi…

    I checked my certificate as I wrote you. CN=name.com are exactly the same in (colloquially translated) “created from” AND in “created for”. So it says that the certificate is made by me for myself. Is that what the Nokia Mobile has Problems with?

    cheers

  89. JohnnyB
    March 6th, 2009 at 14:08 | #89

    @ Willem: did you receive the mail + cert I sent? Have you any ideas where I may be going wrong?

    • March 6th, 2009 at 15:41 | #90

      Hello Johnny,

      the only (strange) thing I found is the serial number of your certificate. If I compare your cert with mine yours shows the following:

      openssl x509 -noout -text -inform DER -in kiwi.cer

      Certificate:
      Data:
      Version: 3 (0x2)
      Serial Number:
      (Negative)15:ba:0c:b0:0f:c0:e6:74:b1:62:be:b6:3d:96:b5:37
      Signature Algorithm: sha1WithRSA
      [snip]

      Mine:
      openssl x509 -noout -text -inform DER -in redel.cer

      Certificate:
      Data:
      Version: 3 (0x2)
      Serial Number:
      46:ca:12:8c:7a:8a:fd:bf:46:97:7f:8c:2a:34:5f:0a
      Signature Algorithm: sha1WithRSAEncryption
      [snip]

      This is the only strange thing I found. What did you use to generate the certificate? Is it possible to create a new certificate and try that one?

      • JohnnyB
        March 6th, 2009 at 16:40 | #91

        yeah - i get the same result running that command in openssl. As i said previously the certificate appears to work fine on both my laptop and iPAQ PDA it would just have been great to ditch my PDA for my cell. As for generating a new one i doubt for a minute i have rights to access such utilities or even know how to do it.

        Thanks for trying anyway, i think i must just admit defeat on this one.

  90. Alex Burn
    April 16th, 2009 at 16:54 | #92

    Hi,
    I used ‘mmc’ with the certificates snap-in to export my certificate in DER format.
    The certificate has just one CN as advised above.
    I uploaded via your tool and then pointed my Nokia N95 to the correct URL.
    However, I receive the error stating file corrupt.
    I tested the same URL on Internet Explorer and the certificate adds ok.
    Any suggestions?
    I am trying to obtain the correct certificate to use M4E on my Symbian N95 (currently have to click ok on the untrusted certificate screen).

  91. April 17th, 2009 at 10:22 | #93

    @Alex Burn
    Can you mail me the URL you got back from the SymCAImport webpage?
    I want to check the CN (among other things).

  92. Deemas
    May 17th, 2009 at 16:18 | #94

    Thanks Willem, it works for me in this way.

    We have Exchange 2007 with GoDaddy’s UCC certificate installed. Everything was working except our mobiles, mainly Nokia, always popping up with untrusted certificate, as everyone suffers here.

    I followed the way with the tool Willem has created (which is mail.ourdomain.com as common name and autodiscovery.ourdomain.com, ourexchangeservername, ourexchange.ourdomain.local). But it did not work. Finally I did the same for intermediate certificates too. In my case I found there were two intermediate certificates in our server for GoDaddy. I used the same tool to create both of the certificates and it is working fine now.

    This test I did on an N73 mobile. I have other models like E65 and some others; I will test all these and inform this community soon.

    Thanks, Thanks for your valuable tool

  93. Surtur
    May 18th, 2009 at 14:31 | #95

    Hi Willem, i have the same problem as Sajjad. I have a Nokia E71? As it downloads the certificate and a ‘Save Certificate’ prompt appears, it is quickly replaced by a ‘File Corrupted’ message.

    Can you take a look at my certificate link?
    http://symcaimport.redelijkheid.com/ca/x6q2wpfd.der

    Thanks a lot!

  94. Michael
    June 9th, 2009 at 03:56 | #96

    Hi Willem,

    When I try to upload the file on http://www.redelijkheid.com/symcaimport/ on the phone browser a message appears that says “File Restricted” and it won’t let me upload. I am on a Nokia E71x. I have tried to upload the certificate from it being sent over email, but it states file corrupted. I have tried to open it from the phone but it states it cannot open…

    I called Nokia and I have to teach them what little I know about certs…

    I have uploaded it on your site from my computer you can see the certificate here:
    http://www.redelijkheid.com/symcaimport/ca/a8f52faf.der

    IT guys at work say get a new phone, but I am stuck with this one… Should I call it a waste of $100 (and about 3 of my valuable days)?? Any help would be great.
    Thanks!

  95. June 9th, 2009 at 12:42 | #97

    @Michael
    No idea what the problem is, but even the ‘old’ service is giving me ‘file corrupt’ errors at this moment on every certificate I try.
    The old service hasn’t changed (apart from the redirection)… weird.

    If someone can install a certificate, please leave a comment.
    In the meantime… I will do some investigative actions.

    Update: seems that a reboot of the phone solved my problem. Just uploaded a DER encoded certificate and it installed perfectly.

  96. March 6th, 2009 at 17:43 | #98

    Google has some results on negative serial numbers in certificates.
    It seems that a negative serial might cause problems.
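
Several replies in this thread come down to three properties of the uploaded file: PEM versus DER encoding (#66, #75), the signature algorithm (#80) and a negative serial number (#90, #98). The following added example, which is not part of the original post or of the SymCAimport tool, reads those three fields with a minimal DER parser; the function names and the sample bytes are constructed for illustration.

```python
import base64

SIG_ALGS = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",  # OpenSSL names
            "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
            "1.3.14.3.2.29": "sha1WithRSA"}

def to_der(data):  # PEM is base64-encoded DER between BEGIN/END marker lines
    begin, end = b"-----BEGIN CERTIFICATE-----", b"-----END CERTIFICATE-----"
    if begin in data:
        return base64.b64decode(data.split(begin, 1)[1].split(end, 1)[0])
    return data

def read_tlv(buf, pos):  # one DER tag-length-value -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:  # base-128 digits; high bit is set on all but the last
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def inspect_cert(data):
    der = to_der(data)
    outer, cert, _ = read_tlv(der, 0)          # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert, 0)              # tbsCertificate SEQUENCE
    tag, serial, pos = read_tlv(tbs, 0)
    if tag == 0xA0:                            # optional [0] EXPLICIT version
        tag, serial, pos = read_tlv(tbs, pos)
    if outer != 0x30 or tag != 0x02 or not serial:
        raise ValueError("not a DER X.509 certificate")
    oid = decode_oid(read_tlv(read_tlv(tbs, pos)[1], 0)[1])
    return {"format": "DER" if der is data else "PEM", "serial_hex": serial.hex(),
            "serial_negative": bool(serial[0] & 0x80),  # two's complement sign bit
            "sig_alg": SIG_ALGS.get(oid, oid)}

# Constructed skeleton, not a real certificate: only version, serial and sigalg.
SAMPLE_DER = bytes.fromhex("301b3019a0030201020203ea45f3300d06092a864886f70d0101050500")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER) + b"\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(inspect_cert(SAMPLE_DER), inspect_cert(SAMPLE_PEM), sep="\n")
```

A serial whose first content byte has the top bit set is what OpenSSL reports as (Negative) in the output quoted above.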
