Office Mobility Blog

Whether custom or self-signed certificates will be supported or “trusted” on a Nokia N95 (or any mobile device) comes down to whether or not the certificate manager on the device recognizes the certificate as trusted, and is not related to the specific Exchange ActiveSync client which is synchronizing the data. This can be verified by trying to access your Exchange Server data via OWA on the device (through the standard web browser). If you receive an error notification regarding the certificate when accessing your information in this way, you will also encounter the message when trying to use an Exchange ActiveSync client. If this is the case, the first things you will want to do are confirm and check the following:

• Date and time on the phone are correct
• The certificate is properly added to the device and therefore is displaying in the Certificate Manager on the device
• Accessed through Settings -> Configuration -> Security -> Certificate Manager
• If the certificate is not displaying in this section, Nokia did create a PDF document which provides S60 device users with steps on installing the certificate to the device. From what I have read on different forums and blogs, the steps which are in section 3.2.1 about importing a non-CA certificate seem to be important.
• The certificate says that it is valid on the device
• View details of the certificate and confirm that is shows it is valid
• The certificate is trusted for secure networking on the device
• View Trust Settings for the certificate and confirm that it is set to “Yes”
• The certificate is the Root certificate from the server. The steps below will help to obtain the Root certificate:
• On your desktop computer access your OMA (/OMA) address through Internet Explorer.
• Double click on the lock icon in the bottom right hand corner of the PC screen.
• This will bring up the certificate information for the CA used on this site.
• Go to the "Certificate Path" tab. This will show a tree of certificates.
• Highlight the top level certificate. This is considered the Root certificate.
• Click "View Certificate."
• On the window that appears, once again go to the "Certificate Path" tab. Confirm that you have the Root Level certificate selected.
• Go to the Details tab and choose the "Copy to File" button. This will start the export process.
• Export the file as a DER encoded binary (the default).
• After you do this, please try sending this file to the N95 via IR and accessing it through the Messaging application.

In some cases the Exchange Server may not be set up in a way where you can obtain the appropriate certificate by following the steps above. In these cases, it is recommended that you contact your IT Administrator to request this certificate. If you are the Exchange Administrator, you can try the following:

• Recreating the Root Certificate Authority following the Windows Component Wizard for an Enterprise Root CA.
• Exporting the certificate again through the Certificate Export Wizard as a DER encoded binary X.509 (.CER)

If you are still experiencing a problem after reviewing and confirming the information above, you could try the following (although these are only recommendations and cannot be guaranteed to help resolve the problem):

• Download the latest firmware for your device.
• Contact the phone manufacturer to find out why the device is not accepting the certificate as trusted.
• Purchase a certificate from a Public Certification Authority (i.e. VeriSign, Thawte, Equifax, etc)

Hopefully with the information above (and maybe a little help from your IT guy) you'll be able to get your custom certificate installed without too much trouble. Good luck!