Upon connecting to an untrusted SSL resource, the device will inform me that the SSL certificate which is automatically sent by the server is untrusted. For example, when synchronizing the device with my SyncML server over an HTTPS URL, my Nokia N70 reports an untrusted SSL certificate at each connection. I don't want to have to confirm the trust at each connection, so I set about getting my Certificate Authority's root certificate into the phone. Knowing a bit about the topic, I imagined the Series 60 phone would prefer a DER-formatted certificate to a PEM-formatted one, so I converted my PEM certificate (often stored as a .crt or .pem file) into DER format (often such files are named .der, or in the Microsoft world, .cer). I guessed it would be .cer, and it turned out my hunch was correct. The conversion is simple if access to the OpenSSL tool chain is available:

$ openssl x509 -in jpmensca.crt -out jpmensca.cer -outform DER

This file I then transmitted via Bluetooth to the mobile device. Your mileage will vary here of course, but from my Windows notebook I used file transfer to do it. I simply dropped the jpmensca.cer file onto the OBEX file transfer folder. My device told me I had a message waiting for me, and I then opened the message to find a message from the Bluetooth stack containing the attachment jpmens.cer file. As soon as it is opened, the mobile phone recognizes that it is a certificate and offers to import it. After acknowledging that the new certificate might be insecure, I saved anyway and gave it a label with which to later identify it, then specified the trust options for the certificate. The certificate is then saved in the phone's certificate store.

To later view details of the certificate, revoke trust, or even delete the certificate, I use the security settings utility to access Certificate management, which lists all the trusted certificates, and I can open mine of course. Now I can connect to an HTTPS resource which is protected by SSL/TLS certificates I have issued myself.
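
Before the converted file is sent to the phone, it is worth confirming that the DER file parses, has the same fingerprint as the PEM original, and is marked as a CA certificate. The script below is an added example, not part of the original post; the helper names and the throwaway demo certificate are constructed for illustration, and it assumes the receiving device displays a fingerprint in its certificate details to compare against.

```shell
#!/usr/bin/env bash
# Added example: helper names and the demo certificate are constructed.

# Print a certificate's SHA-1 fingerprint. $1 = file, $2 = PEM or DER.
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha1 | cut -d= -f2
}

# Convert PEM to DER as in the post, then verify the result.
# Prints the fingerprint; returns 1 on a bad conversion, 2 if not a CA cert.
convert_and_check() {
    pem=$1 der=$2
    openssl x509 -in "$pem" -out "$der" -outform DER || return 1
    # The DER file must parse on its own as an X.509 certificate.
    openssl x509 -in "$der" -inform DER -noout || return 1
    fp_pem=$(cert_fingerprint "$pem" PEM)
    fp_der=$(cert_fingerprint "$der" DER)
    # Re-encoding must not change the certificate, so fingerprints must match.
    { [ -n "$fp_der" ] && [ "$fp_pem" = "$fp_der" ]; } || return 1
    # A root to be trusted for issuing should carry basicConstraints CA:TRUE.
    openssl x509 -in "$der" -inform DER -noout -text | grep -q 'CA:TRUE' || return 2
    printf '%s\n' "$fp_der"
}

# Create a throwaway self-signed certificate (constructed sample input).
# $1 = directory, $2 = base name, $3 = TRUE or FALSE for the CA flag.
make_demo_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = Constructed Demo $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo run: build a constructed CA, convert it, print the fingerprint.
demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" demo-ca TRUE
convert_and_check "$demo_dir/demo-ca.crt" "$demo_dir/demo-ca.cer"
rm -rf "$demo_dir"
```

To use it on a real CA, call convert_and_check with your own .crt and .cer paths and compare the printed fingerprint with the one the device shows after import.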

Internet, Hardware, Security, SyncML, and Mobile :: 13 Jan 2007
