Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


643 posts

Ultimate Geek


Topic # 11062 29-Dec-2006 17:25

as per the topic, I am wondering how to import a self signed certificate (for an IMAP server) into the Nokia 6234?

It has a viewable list of X.509s but I want to add my own and can find no mention of how to do so in the documentation.

It will refuse to connect via IMAP over SSL without a well-known signature on the cert, no prompt to accept the cert even!




Sniffing the glue holding the Internet together

Create new topic
486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 56793 3-Jan-2007 14:03
Send private message

Looked into something similar recently

1) Create a cert with openSSL or something similar

2) Put the cert onto a webserver with the correct mime type (I can't remember what it is but google has it)

3) Browse to wap site!




pɐǝɥ sıɥ uo ƃuıpuɐʇs



643 posts

Ultimate Geek


  Reply # 56808 3-Jan-2007 19:45

I just setup SSL on Apache, used the WAP browser to accept the certificate (the same certificate as Dovecot IMAP) and it does the same thing still: "Certificate is not present"

Thanks for the suggestion




Sniffing the glue holding the Internet together

486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 56816 3-Jan-2007 22:29
Send private message

After you download the cert does it then appear in the list of certs in the browser menu?




pɐǝɥ sıɥ uo ƃuıpuɐʇs



643 posts

Ultimate Geek


  Reply # 56820 4-Jan-2007 01:15

no it doesn't seem to remember the certificate at all :-\





Sniffing the glue holding the Internet together

486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 56836 4-Jan-2007 11:14
Send private message

Are you sure you have the mime type set correctly as the cert leaves the server? You have a packet sniffer you can watch it going out on?




pɐǝɥ sıɥ uo ƃuıpuɐʇs



643 posts

Ultimate Geek


  Reply # 56845 4-Jan-2007 12:47

AFAIK there is no mime-type for sending an SSL cert over IMAP. it is set correctly on Apache however.
sniffing port 993/TCP I can see the SSL cert being sent to the phone
FWIW I have setup many IMAP/SSL servers and they all work fine - but not with this phone





Sniffing the glue holding the Internet together

486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 56901 4-Jan-2007 18:46
Send private message

What I meant was when you download the cert through the wap browser from your website is your server giving it they mime type "application/vnd.wap.wtls-ca-certificate" or similar, you should be able to see the mime types that the browser can accept and format it accordingly.

Then it should be saved into your certificate list.

Then when connecting to the imap server it should be able to use your cert

Thats the ways its supposed to work anyway i believe




pɐǝɥ sıɥ uo ƃuıpuɐʇs

961 posts

Ultimate Geek

Trusted

  Reply # 57160 7-Jan-2007 15:11
Send private message

i've tried to import my own ssl certs, including CA certs, into gsm nokia's previously - without sucess. The Nokia just sez no.

i'll watch this tread incase someone does achieve this.



643 posts

Ultimate Geek


  Reply # 57678 11-Jan-2007 22:28

sending the certificate with that mime type presents "Certificate not supported" :-(




Sniffing the glue holding the Internet together

486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 57695 12-Jan-2007 08:20
Send private message

If you have a look at the HTTP accept headers when the phone hits you http server, you should be able to see what kind of mime types it accepts, hopefully one will have the words certificate or x509 in it!




pɐǝɥ sıɥ uo ƃuıpuɐʇs



643 posts

Ultimate Geek


  Reply # 57731 12-Jan-2007 16:19

Filterer: If you have a look at the HTTP accept headers when the phone hits you http server, you should be able to see what kind of mime types it accepts, hopefully one will have the words certificate or x509 in it!


The HTTP accept header does not say it accepts that mime type, but the 'list of supported mime types' PDF I downloaded from Nokia says it does.

am I missing something obvious? The documentation on Nokia's site says to do exactly what you suggested..




Sniffing the glue holding the Internet together

486 posts

Ultimate Geek
+1 received by user: 6


  Reply # 57738 12-Jan-2007 17:58
Send private message

From http://forum.nokia.com/main/resources/technologies/browsing/support/phone_security_faq.html

  • Which certificate types are supported by Nokia devices?
  • In general, WTLS certificates and X.509 certificates are supported by Nokia devices. However, the answer is product-specific as to whether both are supported and for what purpose.

  • What Wireless Public Key Infrastructure (WPKI) download mechanisms are supported by Nokia devices.
  • If a device supports WPKI, the following MIME types are supported: application/vnd.wap.hashed-certificate, application/vnd.wap.signed-certificate, and application/vnd.wap.cert-response (the latter is only supported if private key operations, like WMLScript crypto.signText, are supported in the device). In addition, in the CertResponse content type, the referral method is not supported.

From http://blogs.forum.nokia.com/view_entry.html?id=334

For SSL the story is bit different. You could do X509 certificates and for S60 they have to be DER encoded. Then you'd need to import them to the device:
1. Export the certificate in DER format (without private key)
2. If the certificate file extension is .cer change it to .der
3. Copy the certificate file to your Web server
4. Set the MIME type for the directory where the certificate is as application/x-x509-ca-cert
5. Use the web browser in the S60 device to browse the certificate
6. Import the certificate

and from http://discussion.forum.nokia.com/forum/archive/index.php/t-77239.html

I have been able to install a CA (root) certificate on all Nokia devices I have here. There are some rules:
– Nokia Series 60 loves X.509 in DER format with application/x-x509-ca-cert MIME media type.
– Nokia Series 40 loves WPKI with application/vnd.wap.hashed-certificate.
– If all of these fail (pre-2nd Edition), you have to use the good old WTLS with application/vnd.wap.wtls-ca-certificate.

Remember, it is not just the MIME media type. The content must fit its specifications (DER, WPKI, WTLS). Additionally make sure to use CA/root certificates only. I have not tried user or intermediate ones, yet. Nokia has a document in Forum Nokia which device supports which MIME media type, however, the list is buggy and unclear a bit when it comes to certificates. Use the above as good guideline and play a bit.

Your Nokia 6101 needs WPKI – I would guess from my list. There are (commercial) tools to convert a normal X.509 to WPKI.



Good luck!




pɐǝɥ sıɥ uo ƃuıpuɐʇs

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.