Import Root CA in the Nokia E61

Last week, I received my new Nokia E61i. As soon as I tried to connect to my own IMAP server (over SSL/TLS) it started nagging about the (self-signed) SSL certificate.

The E61 has a certificate store, so I should be able to add other Root CAs to this store, but this is where the trouble began.

The manual has a chapter on certificates, but it lacks a working explanation of "how to import third party root CAs". On my old iPaq, you simply uploaded a DER encoded certificate, clicked on it, and it would install. Well, this doesn't work on the E61 (and many other Symbian-based phones). Just 'google', and you'll find lots of people with similar problems...

The working solution I found uses a website from which you download the certificate with the phone, but there is a catch; you need to add a MIME-type to the website containing the certificate (hence the admin rights).

This is what you need to do (on a Microsoft IIS):

  • Make sure you have the certificate in DER format available. If you're not sure about this, just open the certificate and open the second tab. Choose 'Copy to file..' and select the DER option.
  • Make sure the extension of the certificate is '.der'
  • Upload the certificate to your webserver.
  • Open the IIS Manager and open the properties on the folder (or website) where you uploaded the certificate.
  • Open the 'HTTP Headers' tab, and click on 'MIME Types'
  • Add a custom MIME type.
    The Extension is '.der' (without the quotes, but with the point), and the MIME Type is 'application/x-x509-ca-cert' (also without the quotes)
  • Close all the open windows.
  • Go to the URL where you can download the certificate with the built-in browser of your phone (e.g. /temp/certificate.der).
  • Your phone will recognize the file as being a certificate (the MIME type makes sure of this), and will ask you if you want to import it. While importing, the import wizard will ask for trust settings of the certificate. I just enabled both.
  • After this you should be able to use certificates issued by the newly imported CA without any warning.

B.t.w., this also works for self-signed certificates.

Since not everyone has a private webserver, I will try to create a webpage on which you can upload your certificate. It returns a URL which you can use with your phone browser to download, and install the certificate on your phone.
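For readers without IIS, the same procedure can be reproduced with a small script. The following is an added example, not part of the original post: it checks that the file really is DER (converting PEM if needed), prints a fingerprint to compare against the certificate you exported, and serves the file with the MIME type from the steps above. The port 8080, the path /certificate.der and all function names are assumptions.

```python
import base64, hashlib, re, sys
from http.server import BaseHTTPRequestHandler, HTTPServer

CA_MIME = "application/x-x509-ca-cert"   # MIME type given in the post
CERT_PATH = "/certificate.der"           # assumed URL path
PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_total_len(data: bytes) -> int:
    """Length the outer ASN.1 header claims for the whole object."""
    first = data[1]
    if first < 0x80:                     # short form: length in one byte
        return 2 + first
    k = first & 0x7F                     # long form: next k bytes hold the length
    return 2 + k + int.from_bytes(data[2:2 + k], "big")

def to_der(data: bytes) -> bytes:
    """Return DER bytes, decoding PEM (base64 text) input if necessary."""
    m = PEM_RE.search(data)
    if m:
        data = base64.b64decode(b"".join(m.group(1).split()))
    # A DER certificate is one SEQUENCE (tag 0x30) spanning the entire file.
    if len(data) < 4 or data[0] != 0x30 or der_total_len(data) != len(data):
        raise ValueError("not a single DER-encoded ASN.1 SEQUENCE")
    return data

def fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Colon-separated hex digest of the DER bytes."""
    h = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def response_headers(der: bytes):
    return [("Content-Type", CA_MIME), ("Content-Length", str(len(der)))]

def make_handler(der: bytes):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            if self.path != CERT_PATH:   # serve the certificate and nothing else
                self.send_error(404)
                return
            self.send_response(200)
            for name, value in response_headers(der):
                self.send_header(name, value)
            self.end_headers()
            self.wfile.write(der)
    return Handler

if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        der = to_der(f.read())
    print("SHA-1 fingerprint:", fingerprint(der))
    HTTPServer(("0.0.0.0", 8080), make_handler(der)).serve_forever()
```

Run it with the certificate file as the only argument, then open the /certificate.der path on port 8080 of that machine in the phone's browser.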

Posted on June 3, 2007 and filed under Gadgets, Security, Symbian, Tips'n Tricks.