
Installing certificates

35 replies to this topic

#21
cbch

    Newbie

  • Members
  • 6 posts
I was able to add my own certificate to my c600 by changing the value of the following registry entry on the device:

HKLM\Security\Policies\Policies\00001017 from 128 to 144.

I also changed 00001001 to 1 and 00001005 to 40 but I don't think that helped.

Restart the device.

Export the desired certificate as a binary encoded (DER) certificate (.cer).

Copy the .cer file to the device.

Open the .cer file on the device via file explorer.


So I now have the certificate listed in the root certificate list, but when I use ActiveSync with my Exchange server I get an error that says "The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."

Great ;) Any ideas? Certificates are def. listed

  • 0

#22
dm.wood

    Regular

  • Members
  • 50 posts
  • Devices:Qtek 8310

> I was able to add my own certificate to my c600 by changing the value of the following registry entry on the device:
>
> HKLM\Security\Policies\Policies\00001017 from 128 to 144.
>
> I also changed 00001001 to 1 and 00001005 to 40 but I don't think that helped.
>
> Restart the device.
>
> Export the desired certificate as a binary encoded (DER) certificate (.cer).
>
> Copy the .cer file to the device.
>
> Open the .cer file on the device via file explorer.
>
> So I now have the certificate listed in the root certificate list, but when I use ActiveSync with my Exchange server I get an error that says "The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."
>
> Great :D Any ideas? Certificates are def. listed


Ok, the thing you have to be careful with is that the exported root cert "issued to" name matches the name of the address (URL) you are trying to connect to with the SPV c600, using GPRS.

In my case I am using a dynamic IP (I don't use a domain name) so the root cert "issued to" name has to be my external IP.

If you are connecting to "your_external_domain.com" but the certificate you created on your CA server and then copied to your SPV has the "issued to" name as "internal_domain.com" the connection will fail.

You must also make sure that the Exchange Web components on IIS are using the same cert to provide an SSL connection. Again, in my case the SSL certificate is installed under the "Default web site" in IIS as this is where the Exchange web components are installed.

Hope this helps !! ;)

  • 0

#23
hasbull_88

    Newbie

  • Members
  • 7 posts
  • Devices:Audiovox
Help me....
I have extracted the regedit.zip file...
Then, what should I do next? Open or run?

When I open the file, it shows another registry, not regedit...

When I run the file, it wants me to put "command" and "parameters"

:??:

  • 0

#24
wbremner

    Newbie

  • Members
  • 5 posts
  • Devices:TMobile SDAM

> Ok, the thing you have to be careful with is that the exported root cert "issued to" name matches the name of the address (URL) you are trying to connect to with the SPV c600, using GPRS.
>
> In my case I am using a dynamic IP (I don't use a domain name) so the root cert "issued to" name has to be my external IP.
>
> If you are connecting to "your_external_domain.com" but the certificate you created on your CA server and then copied to your SPV has the "issued to" name as "internal_domain.com" the connection will fail.
>
> You must also make sure that the Exchange Web components on IIS are using the same cert to provide an SSL connection. Again, in my case the SSL certificate is installed under the "Default web site" in IIS as this is where the Exchange web components are installed.
>
> Hope this helps !! :)


Thanks - that's helpful. So the "issued to" name is just the IP address if you are using dynamic IP?

  • 0

#25
dm.wood

    Regular

  • Members
  • 50 posts
  • Devices:Qtek 8310

> Thanks - that's helpful. So the "issued to" name is just the IP address if you are using dynamic IP?

That's correct. Let me know if you have any further questions :)

  • 0

#26
swek

    Newbie

  • Members
  • 13 posts
  • Devices:HTC Tornado / Qtek 8310
Hi! I'm a complete idiot in this tweaking of the smartphone world. I have a Qtek 8310 which is not bound to any network carrier (i.e. no special menus and stuff).

My question is: do I need to install a root certificate on my phone? If I do, where do I find it?

As I said, completely new to this. So I beg for your patience.

Thanks!

  • 0

#27
Disco Stu

    Hardcore

  • Members
  • 8,184 posts
  • Location:Coventry, UK
  • Interests:techno, Leeds United
  • Devices:HTC Touch Dual / SPV E650
The simple answer is 'no' - unless you know what these guys are talking about ;)

I assume you're thinking about application unlocking. The lock is put on the phone (usually by the operator/network) to stop you installing software that they haven't approved. (etc...blah...) If the phone refuses to install software and gives you the message that the program isn't digitally signed then you need to do the unlocking procedure. This usually occurs where registry changes are required. Unlocking instructions are in the pinned 'SP5 Tweaks' thread pinned at the top of this section.

Otherwise I wouldn't worry about it. Most things will work with just a warning and you simply confirm you want to continue the install.

  • 0

#28
wbremner

    Newbie

  • Members
  • 5 posts
  • Devices:TMobile SDAM

> That's correct. Let me know if you have any further questions ;)


I forwarded the request for changing the "Issued To" name to our tech person, plus a suggestion from MoDaCo which advised us to "Export the root certificate from the Certificate Authority in your domain (in DER format)"

Our tech person came back to me with the following problem: "Unfortunately, we require a certificate of authority which our server is not configured with. The certificate from exchange can not be exported into a *.der format. "

Does that make sense? Any advice?

Thanks! ;)

  • 0

#29
dm.wood

    Regular

  • Members
  • 50 posts
  • Devices:Qtek 8310

> I forwarded the request for changing the "Issued To" name to our tech person, plus a suggestion from MoDaCo which advised us to "Export the root certificate from the Certificate Authority in your domain (in DER format)"
>
> Our tech person came back to me with the following problem: "Unfortunately, we require a certificate of authority which our server is not configured with. The certificate from exchange can not be exported into a *.der format. "
>
> Does that make sense? Any advice?
>
> Thanks! ;)


If your network administrator purchased a certificate from a commercial certificate authority (such as Verisign) for use with your Exchange Outlook Web Access component or website etc., it is unlikely that they have a Windows certificate authority set up. You might like to explain to him that setting up a Windows Certificate Authority is quite a simple process.

You are not actually exporting the root certificate from the Certificate Authority in *.der format.

What you need to do is export the root certificate in "DER Encoded binary X.509" format. When you export in this format it creates a *.CER file (not a *.DER file).

Hope this helps! ;)

  • 0
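
Added example, not part of the thread and not any poster's code: a Python check that accepts a .cer export in either form discussed in #29 (binary DER or Base64 text), reads its "Issued to" name (the subject commonName) and compares it with the address the device connects to, as #22 describes. The function names, `mail.example.com` and the constructed sample certificate are assumptions made for illustration; only an exact, case-insensitive commonName match is checked.

```python
import ssl

CN_OID = bytes([0x55, 0x04, 0x03])  # id-at-commonName (2.5.4.3)

def read_tlv(buf, pos):  # decode one DER element; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return tag, buf[pos:pos + length], pos + length

def children(body):  # yield the (tag, value) pairs inside a constructed element
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def to_der(data):  # accept a binary DER export or Base64 text; return DER bytes
    text = data.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    if data[:1] != b"\x30":  # every certificate starts with an ASN.1 SEQUENCE tag
        raise ValueError("not a DER or Base64 X.509 export")
    return data

def issued_to(data):  # subject commonName, shown as "Issued to" in the viewer
    tbs = list(children(next(children(read_tlv(to_der(data), 0)[1]))[1]))
    subject = tbs[5 if tbs[0][0] == 0xA0 else 4][1]  # skip the optional [0] version
    for _, rdn in children(subject):
        for _, attr in children(rdn):
            (_, oid), (_, value) = list(children(attr))[:2]
            if oid == CN_OID:
                return value.decode("utf-8", "replace")
    return None

def name_matches(data, address):  # "Issued to" vs. the host name or IP being dialled
    return (cn := issued_to(data)) is not None and cn.lower() == address.strip().lower()

def tlv(tag, body):  # DER-encode one element; only used to build the constructed sample
    ln = len(body).to_bytes(max(1, (len(body).bit_length() + 7) // 8), "big")
    return bytes([tag]) + (ln if len(body) < 0x80 else bytes([0x80 | len(ln)]) + ln) + body

def sample_cert(cn):  # constructed self-signed skeleton with a dummy key and signature
    alg = tlv(0x30, tlv(6, bytes.fromhex("2a864886f70d010105")) + tlv(5, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, CN_OID) + tlv(0x0C, cn.encode()))))
    dates = tlv(0x30, tlv(0x17, b"060101000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(2, b"\x02")) + tlv(2, b"\x01") + alg + name + dates
              + name + tlv(0x30, alg + tlv(3, b"\x00")))
    return tlv(0x30, tbs + alg + tlv(3, b"\x00"))
```

To check a real export, read the file in binary mode and pass its bytes to `name_matches` together with the server address configured on the device.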

#30
tmosda

    Newbie

  • Members
  • 1 posts
  • Devices:Tmobile SDA
Hi I have T-Mobile SDA (US Version) and I did all the steps above.
ApplicationUnlock.exe fails with error "Internal Error"
Anyone got the same error and fixed it.

EDIT: had to reset my phone and then it worked fine.

> Thanks for this - I'm probably doing some of the steps wrong - I'll have another go.
>
> I don't think this could be an issue with my device - I think it is a WM5 issue so hopefully if it works on your QTeks then it should work on my MDA Vario (which is a Qtek 9100).
>
> Btw - Did you have a look at the version of regedit that I attached?


Edited by tmosda, 27 March 2006 - 11:52 AM.

  • 0

#31
dankusel

    Newbie

  • Members
  • 1 posts
  • Devices:Cingular 8125
Hello - I am a first time poster begging for assistance.

I have a Cingular 8125 running WM5.0. I am using Activesync 4.1 (which came with the phone).

My business uses Exchange - from which I can access via the web using OWA.

My Activesync on my 8125 was working on and off about 4 days ago - and now does not work at all in synching with my server.

Every time my mail on my 8125 tries to synch with my server, I receive an error on Activesync that says, "Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Server administrator. Support code:0x85010001"

I have called Cingular, Microsoft, and my company internal IT department. Cingular and MS basically said, "not our problem". My company exchange server IT group is looking at it - but nothing has changed in 5 days.

It appears to me that my issue is related to the one on this board.

I am asking that someone who has seen this issue and knows how to resolve it - please let me know. I can email you - or even call you for assistance. Like many of you on this board - the reason I bought this phone was for the email Activesync - which is not working at all! PLEASE PLEASE HELP!

Thanks,
Dan

  • 0

#32
quynh

    Newbie

  • Members
  • 5 posts
  • Devices:null
I'm able to copy the regtryit.exe to the phone; however, when I try to run it by double clicking, it doesn't do anything but open up the properties - what am I doing wrong? Desperately need help.
Thanks.

  • 0

#33
zaphod7538

    Newbie

  • Members
  • 2 posts
  • Devices:tmobile Dash
I have the Tmobile Dash - I can't add my own certificate as described here, but I can't make any changes to the Registry either. Apparently Tmo has the registry locked down.

Anybody run into this? Regedit doesn't work - and neither does RAPI.

Every time I try to change a value in the registry, it is it can't do it. I even tried renaming and creating, but it seems like it is a read only register file.

I can't get to my exchange server. No fun!

  • 0

#34
steveikin

    Newbie

  • Members
  • 1 posts
  • Devices:Dash

> I have the Tmobile Dash - I can't add my own certificate as described here, but I can't make any changes to the Registry either. Apparently Tmo has the registry locked down.
>
> Anybody run into this? Regedit doesn't work - and neither does RAPI.
>
> Every time I try to change a value in the registry, it is it can't do it. I even tried renaming and creating, but it seems like it is a read only register file.
>
> I can't get to my exchange server. No fun!


Same problem - I really need to get a fix because the CEO for my company is now my only Dash user and hence the only one using email without SSL. Everyone else uses Motorola Q's.

I sent a detailed technical support email via T-Mobile's website; however, I didn't even receive a ticket-opened auto response.

If you know the solution for the T-Mobile Dash adding a root cert please share?

  • 0

#35
jelkins

    Newbie

  • Members
  • 1 posts
  • Devices:dash

> I have the Tmobile Dash - I can't add my own certificate as described here, but I can't make any changes to the Registry either. Apparently Tmo has the registry locked down.
>
> Anybody run into this? Regedit doesn't work - and neither does RAPI.
>
> Every time I try to change a value in the registry, it is it can't do it. I even tried renaming and creating, but it seems like it is a read only register file.
>
> I can't get to my exchange server. No fun!


I too had problems using the regedit program on the Dash.
I found a reg editor called MobileRegistryEditor on the net and it runs on the desktop and edits the registry of the device through ActiveSync.
All seems to be working now.

James

  • 0

#36
Eric Woolhiser

    Newbie

  • Members
  • 3 posts
  • Gender:Male
  • Devices:Opticon H16

> 1. Go to http://www.modaco.co...50-t222786.html.
> 2. Download the HTC-signed "regeditSTG.zip" and move it to your smartphone.
> IMPORTANT: Put it on the phone, not on a memory card - this was my first
> sticking point.
> 3. Extract the zip file using Explorer on the device (if it's a WM5 device).
> 4. Run the Regedit exe and follow the instructions on the page above for
> registry changes to make. It was also suggested by a Microsofty a few posts
> down to change 00001017 (4119) to 144 (in the same part of the registry),
> although I'm not sure what each entry does. I did all three. :-)
> 5. Download SDA_ApplicationUnlock.exe from
> http://www.modaco.co......0_app_locked...,
> connect the device, run this app, click "Unlock" or whatever, then restart
> the device.
> 6. Export the root certificate from the Certificate Authority in your domain
> (in DER format), copy it to the phone (again NOT the memory card) and simply
> run it from Explorer. Bob's yer uncle.


I can't seem to get step 3 to work, but first as I look at this, are these instructions smartphone specific? I'm running PPC. I can't unzip the file on the device. If I unzip on my PC and copy it over to the H16, the regedit comes up, but only shows the hive roots, and I can't open below the roots.

  • 0



