Importing an SSL client certificate and key
 

The certificate manager application installed on the N900 currently only supports viewing of installed certificates, but doesn't allow you to add or remove any certificates.

It took me a while to figure out how to import an X.509/SSL client certificate which is actually quite easy (I didn't find anything about this in the user guide). So I'm writing this in case other people have the same issue.

• If the client certificate/key is already installed in your PC's browser, export it into a PKCS#12 file (.p12 file extension). Pick an appropriate password when exporting as this will be the one used on your N900 as well.
• Copy the file to your N900, e.g., store in the Documents folder.
• Open the File Manager and click on PKCS#12 file. This should start the import dialog: enter your password, select if you are importing the certificate for Web sites, email, or WLAN, and confirm the installation.

The client certificate and key should then be available (the same works for server certificates as well). You may need to restart an active browser or email application for the new certificate/key to be available.

The Certificate Manager application should now display your imported certificates.

Vote for the following bug to get the missing features added to the Certificate Manager:
https://bugs.maemo.org/show_bug.cgi?id=6738


cheers...
Lars

Re: Importing an SSL client certificate and key
 

brilliant, thank you so Lars!

I followed your clear instructions and that solved my issue with secure IMAP email. For those who may wonder how these certificates look like, here's an abbriged version of what I used:

(my ISP provided that). I simply saved that in a file called myserver.p12 and loaded it with the filemanager as suggested above & I was away! :)

Re: Importing an SSL client certificate and key
 

Unfortunately I still have trouble with IMAP over SSL and using a client certificate. It works fine with accessing my company's Web sites using my client certificate, but accessing my work email still fails. :(

After configuring the account it just takes a few seconds until I get the error message that either the host name or port is wrong. Which isn't the case. :(

Re: Importing an SSL client certificate and key
 

Sorry to hear that Lars. Could it be that you have a firewall issue - do you have any other device you can try this with (eg: an iPhone)?

Re: Importing an SSL client certificate and key
 

As a CAcert user I need to install CAcert's root and class3 sertificates to all devices I use. I tried to install sertificates to N900 like I had used to do with S60 phones, as it appears N900's browser goes mad when I pressed hyperlink to .cert or .der file.

From the above I realized that filemanager might be the thing as Cert manager just happily shows what you got and browser does nothing clever. It looks like filemanager supports both PEM and DER formats of certs and installs them without much of a strugle.

I think that settnigs Certificate manager is misleading, as it really does nothing of management, but it's very good that certificates can be installed through file manager

Re: Importing an SSL client certificate and key
 

I am trying to install the attached SSL certificate, but it won't install, just displays its details. What's wrong?

I exported the certificate, from the website, as a DER file using my Firefox browser then used scp to copy it to my N900.

I clicked on it in the N900's File Manger and selected the Certificate Manager application, then it just displays the certificate details, with no option to install it.

I tried exactly the same steps with another certificate and it all worked as expected and gave me an install button.

Is it something wrong with the DER file (attached) or my N900?

Re: Importing an SSL client certificate and key
 

Might need to be a PEM file.

Re: Importing an SSL client certificate and key
 

Its a DER file.

DER file works with the other site I tried.

Just tried it as a PEM file with chain and the same thing happens.

It just displays the details, no install button. But the PEM file for the other site I tried before also works... weird.

PEM file attached, if anyone wants to have a go and see if its just my N900.

Re: Importing an SSL client certificate and key
 

From the excellent Mail For Exchange (MfE) Heartbeat and FAQ;

"Keep in mind - self-signed certificate shall have "CA" field. Otherwise, N900 certificate manager will not allow to install it."

I guess my certificate has no CA (or a CA from an untrusted authority) and so it won't install and thus doesn't appear in the Certificates Manager... nothing I can do about it.

-------------------------

After I moaned my company bought an SSL certificate and it all works wonderfully and was so easy to set up. :)

Re: Importing an SSL client certificate and key
 

I use CACert.org for my internal servers as well and was getting a BAD Signature error when sending via secure SMTP.

To fix the problem I simply installed the CACert root certificate on my N900 by downloading the Class 1 PKI Key in DER format from CACert.org by selecting "Save as" in MicroB and then opening it with file manager which prompted me to install it and gave me the options for it's use i.e. server, WLAN, or email ( I selected all three ).

Tested it by sending an email which went no problems without prompting about the certificates "BAD Signature".

Hope this info helps.

Cheers,

w0rkRB

Re: Importing an SSL client certificate and key
 

PKCS#7 worked for me as it was the only option when exporting. Emailed it and opened the attachment to install. Worked like a charm. Voted for the bug.

Thanks,

Vlad

www.nistor.co.uk

Re: Importing an SSL client certificate and key
 

Had also problems to import a pem-cert-file. Downloaded the cert file via browser saved as 'chain.pem', file manager showed details instead of importing because it hided '.txt' of the document file name!

Changed that over terminal and importing of real file 'chain.pem' worked!

Thomas aka thessy

Re: Importing an SSL client certificate and key
 

With Maemo 5 Version 10.2010.19-1 you can import (untested yet) certificate under 'settings' > 'certificate manager'

Thomas aka thessy

Re: Importing an SSL client certificate and key
 

I also have the same issue with certificates and MfE synching.
It seems clear to import the self certificated cert. from IE7 like described in http://fwd4.me/Yy7.
The import seems to work well, the N900 accepts the certificate and I can see it in the N900 settings (Cert manager on the top of the list under the group "user" above "certification sites").

Unfortunately MfE syncing still doesn't work. It remains with the same error message something like "exch server needs a secure connection or the account is deactivated".

It seems, that the certificate is there, but the Mail Client doesn't see it. A problem of rights maybe ?
Read something about CA-field but couldn't figure out that with the German Browser.

I checked the hole internet and I'm lost now. The iphone works well :eek:

Have Swiss/German language with PR1.2, MfE 2007

Add Note: when using the mail wizard MfE in the N900 it comes with an error that says the certificate is not valid (as if it would not be there) with options to stop or ignore. I assume it should say nothing as the cert. is already imported.
Ignoring will lead to the above mentioned message

thanks

Importing an SSL client certificate and key
 

My server uses a self signed server certificate. I have now updated the certificate after it expired. The certificate was originally imported to the firefox browser and I have been using it for 12 months. Now that the certificate is updated, the Firefox browser in Maemo 5 in the N900 won't allow me to browse to my site. I have looked in manage certificates but that only seems to have certificate authorities in it rather than site certificates. How do I remove the old certificate from Firefox in Maemo 5 so it will install the new certificate ?