[Ejo]

Hi Everybody,

I want to start this topic, because recognized N95 owners have problems to connect to company Exchange Server using root or personal certificates. I couldn't find user guide or solution, how it works. Everbody is trying different processes without succes.

There are different kind of applications available to syncorinize your e-mails via Exchange Servers. Roadsync and Mail for Exchange are one ogf them, but cann'work. Maybe it isn't application problem, it is even firmware.

I waiting for your opinions. If somebody is lucky and can syncroznize email messages using certificate, experiences are welcome.

[jwc194]

This is a good question and one that comes up on a regular basis! Whether custom or self-signed certificates will be supported or “trusted” on a Nokia N95 (or any mobile device) comes down to whether or not the certificate manager on the device recognizes the certificate as trusted, and is not related to the specific Exchange ActiveSync client which is synchronizing the data. This can be verified by trying to access your Exchange Server data via OWA on the device (through the standard web browser). If you receive an error notification regarding the certificate when accessing your information in this way, you will also encounter the message when trying to use an Exchange ActiveSync client. If this is the case, the first things you will want to do are confirm and check the following:

• Date and time on the phone are correct
• The certificate is properly added to the device and therefore is displaying in the Certificate Manager on the device
  --Accessed through Settings -> Configuration -> Security -> Certificate Manager
  --If the certificate is not displaying in this section, Nokia did create a PDF document which provides S60 device users with steps on installing the certificate to the device. From what I have read on different forums and blogs, the steps which are in section 3.2.1 about importing a non-CA certificate seem to be important. You can access this PDF file here
• The certificate says that it is valid on the device
  --View details of the certificate and confirm that is shows it is valid
• The certificate is trusted for secure networking on the device.
  --View Trust Settings for the certificate and confirm that it is set to “Yes”
• The certificate is the Root certificate from the server. The steps below will help to obtain the Root certificate:
  --On your desktop computer access your OMA (/OMA) address through Internet Explorer.
  --Double click on the lock icon in the bottom right hand corner of the PC screen.
  --This will bring up the certificate information for the CA used on this site.
  --Go to the "Certificate Path" tab. This will show a tree of certificates.
  --Highlight the top level certificate. This is considered the Root certificate.
  --Click "View Certificate."
  --On the window that appears, once again go to the "Certificate Path" tab. Confirm that you have the Root Level certificate selected.
  --Go to the Details tab and choose the "Copy to File" button. This will start the export process.
  --Export the file as a DER encoded binary (.CER; the default).
  --After you do this, please try sending this file to the N95 via IR and accessing it through the Messaging application.

In some cases the Exchange Server may not be set up in a way where you can obtain the appropriate certificate by following the steps above. In these cases, it is recommended that you contact your IT Administrator to request this certificate. If you are the Exchange Administrator, you can try the following:

• Recreating the Root Certificate Authority following the Windows Component Wizard for an Enterprise Root CA.
• Exporting the certificate again through the Certificate Export Wizard as a DER encoded binary X.509 (.CER)

If you are still experiencing a problem after reviewing and confirming the information above, you could try the following (although these are only recommendations and cannot be guaranteed to help resolve the problem):

• Download the latest firmware for your device.
• Contact the phone manufacturer to find out why the device is not accepting the certificate as trusted.
• Purchase a certificate from a Public Certification Authority (i.e. VeriSign, Thawte, Equifax, etc)

As noted previously, there is definitely no “easy” answer to this question as the problem is between the certificate manager on the device and the Exchange server certificate. Since there is little information regarding what the certificate manager is looking for within the certificate, the information provided above is not guaranteed to resolve the issue. However, I hope the information provided in this post will give you some background on certificates and a place to start troubleshooting.

-The RoadSync Team
Office Mobility Blog

[Ejo]

Hi,

I just found the following work around. I have not tested, but share it.

Having used MFE on the E61 for a while now , I was absolutely gutted to find it doesn't work on the N95 - this surprised me because I have used it on the N80 with no problems

Anyway , to cut a long story short , I found this workaround posted on some other forums

1) Install MFE 1.3 & put all the settings in EXACTLY as you want them (you will not be able to change them later ! ) - it will appear to work , but when you try to open mails, it will not let you

2) Install MFE 1.5 or 1.6 over the top

Job done ! - now , you will get your push mail and all will be well

BUT ... you will not be able to turn it off or adjust the settings ! - you would have to install 1.3 again to do that , and then 1.5 again make it work

You can find Mail for Exchange 1.6.1 here: <Warez Link Removed>

...but still no results on version 1.3. Somebody found it?

[carbo]

I have the same problem. N95 with Firmware 12.
I tryed to import .cer, .p12 root certificate.
Exporting it directly from IIS server for exchange.

No way to install it.
Anybody have an idea how to export it form the eschange server?

[PaulRoper]

I to had HUGE problems getting SBS2003 certificate installed
Tursn out, My SBS2003 server hd TWO certificates. - One it he ROOT (which the nokia wants) and the other is the one used by the web server. To get the ROOT web server certificate, Go To IIS default Web Site.
-Security –> view certificate –> Certification path –> go to the ROOT Certificate –> view certificate –> details–> Copy to file --- > this is the ONE!
- Copy to N95 phone memory –> use file manager to locate the file double click to install. Bingo

[salada2k]

Nice work there mate, I had a couple of issues getting it to work and then gave up - because I left that job and no longer use Exchange. Using Lotus Notes now... Grr.

[mohdvd]

hi can anyone give me certificate of my ime no <IMEI Removed>

[dayene]

please don't post your imei in public forums.