Lars 2009-12-13 23:00

Importing an SSL client certificate and key
 
The certificate manager application installed on the N900 currently only supports viewing of installed certificates, but doesn't allow you to add or remove any certificates.

It took me a while to figure out how to import an X.509/SSL client certificate which is actually quite easy (I didn't find anything about this in the user guide). So I'm writing this in case other people have the same issue.
  • If the client certificate/key is already installed in your PC's browser, export it into a PKCS#12 file (.p12 file extension). Pick an appropriate password when exporting as this will be the one used on your N900 as well.
  • Copy the file to your N900, e.g., store in the Documents folder.
  • Open the File Manager and click on the PKCS#12 file. This should start the import dialog: enter your password, select if you are importing the certificate for Web sites, email, or WLAN, and confirm the installation.

The client certificate and key should then be available (the same works for server certificates as well). You may need to restart an active browser or email application for the new certificate/key to be available.

The Certificate Manager application should now display your imported certificates.

Vote for the following bug to get the missing features added to the Certificate Manager:
https://bugs.maemo.org/show_bug.cgi?id=6738


cheers...
Lars

sxc 2009-12-14 22:11

Re: Importing an SSL client certificate and key
 
Brilliant, thank you so much, Lars!

I followed your clear instructions and that solved my issue with secure IMAP email. For those who may wonder what these certificates look like, here's an abridged version of what I used:

Code:

-----BEGIN CERTIFICATE-----                                   
MIIDtzCCAyCgAwIBAgIEMcxcNDANBgkqhkiG9w0BAQQFADCBnTELMAkGA1UEBhMC
...
sN2QPXGZNzibjwRFnAo9PXKMfb/CPVOBFe6V/eBtSkGsmobqeTs1Y4pyYB+tOPR8
JcqE5HZk/9gcLcwgKYIFE2Ypa5R3/jKirHTXOiLiZdquu9PBN2VOKdgH3w==
-----END CERTIFICATE-----

(my ISP provided that). I simply saved that in a file called myserver.p12 and loaded it with the filemanager as suggested above & I was away! :)

Lars 2009-12-15 01:54

Re: Importing an SSL client certificate and key
 
Unfortunately I still have trouble with IMAP over SSL and using a client certificate. It works fine with accessing my company's Web sites using my client certificate, but accessing my work email still fails. :(

After configuring the account it just takes a few seconds until I get the error message that either the host name or port is wrong. Which isn't the case. :(

sxc 2009-12-15 22:05

Re: Importing an SSL client certificate and key
 
Sorry to hear that, Lars. Could it be that you have a firewall issue? Do you have any other device you can try this with (e.g. an iPhone)?

darthjysky 2009-12-19 21:41

Re: Importing an SSL client certificate and key
 
As a CAcert user I need to install CAcert's root and class3 certificates on all devices I use. I tried to install the certificates on the N900 like I used to do with S60 phones, but it appears the N900's browser goes mad when I press a hyperlink to a .cert or .der file.

From the above I realized that the file manager might be the thing, as the Cert manager just happily shows what you've got and the browser does nothing clever. It looks like the file manager supports both PEM and DER formats of certs and installs them without much of a struggle.

I think that the Certificate manager in settings is misleading, as it really does nothing of management, but it's very good that certificates can be installed through the file manager.

altomkins 2010-01-02 17:25

Re: Importing an SSL client certificate and key
 
I am trying to install the attached SSL certificate, but it won't install, just displays its details. What's wrong?

I exported the certificate, from the website, as a DER file using my Firefox browser then used scp to copy it to my N900.

I clicked on it in the N900's File Manager and selected the Certificate Manager application, then it just displays the certificate details, with no option to install it.

I tried exactly the same steps with another certificate and it all worked as expected and gave me an install button.

Is it something wrong with the DER file (attached) or my N900?

ruskie 2010-01-02 17:32

Re: Importing an SSL client certificate and key
 
Might need to be a PEM file.

altomkins 2010-01-02 18:35

Re: Importing an SSL client certificate and key
 
It's a DER file.

DER file works with the other site I tried.

Just tried it as a PEM file with chain and the same thing happens.

It just displays the details, no install button. But the PEM file for the other site I tried before also works... weird.

PEM file attached, if anyone wants to have a go and see if it's just my N900.

altomkins 2010-01-03 20:38

Re: Importing an SSL client certificate and key
 
From the excellent Mail For Exchange (MfE) Heartbeat and FAQ:

"Keep in mind - self-signed certificate shall have "CA" field. Otherwise, N900 certificate manager will not allow to install it."

I guess my certificate has no CA (or a CA from an untrusted authority) and so it won't install and thus doesn't appear in the Certificates Manager... nothing I can do about it.

-------------------------

After I moaned my company bought an SSL certificate and it all works wonderfully and was so easy to set up. :)
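
The "CA" field rule quoted from the MfE FAQ above can be checked on a PC before a file is copied to the N900. The following is an added example, not part of the original thread: it looks at the file's content rather than its extension to tell PEM from DER, then tests for basicConstraints CA:TRUE. It assumes the `openssl` command-line tool is installed; the function names, file names and the host name mail.example.invalid are constructed for illustration.

```shell
# Added example: identify a certificate file as PEM or DER from its content
# and report whether it carries basicConstraints CA:TRUE.

# Print PEM or DER if FILE parses as an X.509 certificate; fail otherwise.
cert_form() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
    openssl x509 -in "$1" -inform "$form" -noout 2>/dev/null && echo "$form"
}

# Succeed only if FILE is a certificate with the CA flag set.
is_ca_cert() {
    form=$(cert_form "$1") || return 2
    openssl x509 -in "$1" -inform "$form" -noout -text | grep -q 'CA:TRUE'
}

# Build constructed samples in DIR: self-signed certs with and without the flag.
make_samples() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = mail.example.invalid
[with_ca]
basicConstraints = critical,CA:TRUE
[no_ca]
basicConstraints = CA:FALSE
EOF
    for ext in with_ca no_ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/req.cnf" \
            -extensions "$ext" -keyout "$1/$ext.key" -out "$1/$ext.pem" 2>/dev/null
    done
    openssl x509 -in "$1/with_ca.pem" -outform DER -out "$1/with_ca.der"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in with_ca.pem with_ca.der no_ca.pem; do
    if is_ca_cert "$demo_dir/$f"; then verdict="CA:TRUE"; else verdict="no CA flag"; fi
    echo "$f: $(cert_form "$demo_dir/$f"), $verdict"
done
rm -rf "$demo_dir"
```
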

w0rkRB 2010-04-01 12:31

Re: Importing an SSL client certificate and key
 
I use CACert.org for my internal servers as well and was getting a BAD Signature error when sending via secure SMTP.

To fix the problem I simply installed the CACert root certificate on my N900 by downloading the Class 1 PKI Key in DER format from CACert.org by selecting "Save as" in MicroB and then opening it with file manager, which prompted me to install it and gave me the options for its use, i.e. server, WLAN, or email (I selected all three).

Tested it by sending an email, which went with no problems and without prompting about the certificate's "BAD Signature".

Hope this info helps.

Cheers,

w0rkRB

