How to add a certificate on WM6.1 ? - Touch Diamond, MDA Compact IV General

I know it is maybe a very stupid question, but really, how can I add a certificate so I can use my on-line banking?
Thanks in advance.

I know you can double-click .CER files and they will be imported to the Certificate settings. I added my Equifax SSL certificate that way, it shows up under "Intermediate" certificates.

thanks - it worked !!!

Related

WM5 SSL Cert issue

Basically, when I sync to Exchange, they expect both the Exchange server + client to have a valid SSL cert. We don't have one, so during WM2003 there is a file called disablecertcheck that would disable the cert checking so it will be able to sync without the cert, but in WM5 I can't find the files yet, so I need to know: is the file disablecertcheck out for WM5, + if it isn't, any patches / cabs / registries I can change?

I downloaded it http://www.microsoft.com/downloads/...B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en

Any updates on this issue?

I never had luck with DisableCertChk. I found this posting a while back and it was the most informative I've seen. http://jayseae.cxliv.org/2004/11/04/smartphone_activesync.html
What I did is search Google with "usercerts.msc site:microsoft.com". You'll see a TID referring to Pocket PC 2002, don't worry. Download the addroot cert which is actually ... http://download.microsoft.com/download/pocketpc/addroot/1.0/wce/en-us/addrootcert.exe. Export the certificate per Ethan's instructions from the first link, copy and install it to your device. I hope that this helps.
Steven

Hi guys,
I tried the way as mentioned, but I get the following error:
The security cert on the server is invalid. Contact your exchange server administrator or ISP to install a valid cert on the server

I assume you're running Exchange 2003? A perhaps even easier way is to open your OWA page with Internet Explorer and install the certificate on your PC when prompted. Then open Internet Options, Content, Certificates, Trusted Root Certification Authorities. Find your server's certificate and export to a DER encoded binary which you can install on your device. I always put my certificates on my SD card so's I can install easily whenever I upgrade my Pocket PC.... which is quite often ;-)
Luckily with WM5 I don't have to do that anymore!
If you need any more help, just ask.
Steven

I tried this, but no luck. It still says that the certificate on the exchange server is invalid.

Extended ROM - Some CABs don't Execute

I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.

Quick question?
Are the CABs signed? If not, are you installing the 'signed' unsign CAB 1st?
Edit: Thinking more about this (and realising that the 1st thing you do is disable signing in your ROMs) can you provide a little more info about the CABs (maybe an offending CAB if the content is not private?).
I managed to replicate this issue with a CAB that had a warm reset as part of its install process (seems to bork the autoexec batch process) and I have had a similar issue with a CAB that just contained some simple OMA in the _setup.xml.
John

yes, that's the point. But how to make any Unsigned CABs become Signed?

huangyz said:
> yes, that's the point. But how to make any Unsigned CABs become Signed?

Without wanting to sound facetious, you sign them ;-)
You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to); however, you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISVs that need it).
Once you have the ROOT cert on the device in the correct store, signing is trivial: you either use SignTool.exe from many of the MS SDKs or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CABs and they behave as signed commercial apps, and you can use features like internal signed SSL for ActiveSync etc. etc.
Don't forget you can also do away with a lot of this by installing the HTC signed "Disable Certificates" CAB 1st, and then the signatures are not checked on subsequent CABs, EXEs or anything code related for that matter.

djwillis said:
> huangyz said:
> > yes, that's the point. But how to make any Unsigned CABs become Signed?
>
> Without wanting to sound facetious, you sign them ;-)
> You would use a private key to generate an Authenticode signature for the CAB (and maybe the apps inside if you need to); however, you would still need to install the ROOT certificate into the code stores on your device. Or get your app signed by a 3rd party with a certificate that has its ROOT already on the device (MS's MobileToMarket and things like that take care of this for ISVs that need it).
> Once you have the ROOT cert on the device in the correct store, signing is trivial: you either use SignTool.exe from many of the MS SDKs or just use the GUI options if Visual Studio is your poison. All you need is an export of the PKF (Private key) and the password to the certificate.
> In enterprises one of the 1st things people often do before giving Windows Mobile devices out to users is to install a ROOT certificate for the enterprise onto the device in both the code and transmission stores. This means from then on you can sign in-house apps and CABs and they behave as signed commercial apps, and you can use features like internal signed SSL for ActiveSync etc. etc.
> Don't forget you can also do away with a lot of this by installing the HTC signed "Disable Certificates" CAB 1st, and then the signatures are not checked on subsequent CABs, EXEs or anything code related for that matter.

I am NOT a software developer, so most of your opinions sound enigmatic to me except the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
Thanks very much! I'll try later on.

gamescan said:
> I'm trying to customize a few Extended ROMs here and I'm running into some stubborn CABs. When installed manually, everything works fine. No warnings, no errors. Just click the CAB, let it do its thing, then click OK.
> Put these same ROMs into an Extended ROM and hilarity ensues. Some will work, others will not and I don't know why. Any suggestions on what I might be missing will be greatly appreciated.

Most probably you forgot to set some cab file to read-only before saving the extended-rom. Check the cabs' attributes and the config.text file while inside the program that you are using to edit the extended-rom. It's not because they are not signed, as long as you got the cert .cab set to be the first to be installed. Also, cab files that require user input will not work. This is from experience, as posted above.

huangyz said:
> I am NOT a software developer, so most of your opinions sound enigmatic to me except the last one: put the HTC signed "Disable Cert" in the 1st place of the ext-rom config.txt.
> Thanks very much! I'll try later on.

So, where did you find the signed Disable_Cert.cab?

faria said:
> Most probably you forgot to set some cab file to read-only before saving the extended-rom. Check the cabs' attributes and the config.text file while inside the program that you are using to edit the extended-rom. It's not because they are not signed, as long as you got the cert .cab set to be the first to be installed. Also, cab files that require user input will not work. This is from experience, as posted above.

Sorry to ping an old thread - flogging to proceed immediately after...
Being that this is a Windows device, isn't there a flag that can be passed when executing the cab - like you can on a Windows installer application? Similar to setup.exe -q or whatever you're trying to do. Some flags set the answers to yes, admin mode... you get the picture. Does the cab installer engine allow similar flags to get passed with the cab execution command?

In PPC, it calls wceload.exe to install and uninstall a cab.
As shown in http://msdn2.microsoft.com/en-us/library/ms926281.aspx , the only possible argument is to ask or not ask for destination, but no quiet mode.
How you can call wceload.exe manually at ExtROM installation may be a question.

WM6.1, certificate by cab files

Hello,
Yesterday I got my repaired HTC TyTN II mobile phone (not branded). Now I found WM6.1 on it. Because of the hardware reset I need to do a new cab file installation of some needed programs.
At the moment I was able to install some bought software and also to add our Exchange 2007 Server (self-made certificate by our Active Directory Certificate Authority).
Some other bought software and of course all freeware cab files aren't possible to install. I always get the error message: "Die Installation ist fehlgeschlagen. Das Programm oder die Einstellung konnte nicht installiert werden, da es/sie nicht digital mit einem vertrauenswürdigen Sicherheitszertifikat signiert ist."
Sorry for the German error message. It means that the cab file has no digital certificate or a digital certificate from a non-trustworthy CA. It isn't possible to accept this message and install the software as it was possible with WM6.0.
I read in the forum and of course a lot of other help websites on the web about certificates. Also how to put a new certificate on cab files.
So I got from our CA a personal code signature and gave those files a new digital certificate, but that didn't work. I get the same message - the cab files have a good certificate (file property under Windows Vista shows that). Our root certificate is installed on the mobile phone => Exchange Sync works.
What can I do so that I'm able to install all cab files? Why is my own certification not trustworthy? The root certificate is correctly installed on the device => Exchange Sync works.
Hopefully someone is able to help me.

Forgive me if I'm wrong, but I think 2 things got mixed up here.
Windows Mobile requires CABs to be digitally signed by the makers of the program in order to install it. If it hasn't been done, WM will ask you if you would still like to install it, even if it's not digitally signed.
Exchange requires the Root certificate from the Exchange server to be installed via CAB to ensure a secure connection, identity check,... No certificate, no exchange.
=> regular CAB installations: I remember someone asking the same question some time ago, but I can't find his post. I attached a screenshot of the bubble I get. Is yours the same (ignoring the language differences)? Or are you getting another type of notification bubble or popup? Really no continue anyway option (that would really s*ck...)
Try disabling it by using Kaisertweak (http://forum.xda-developers.com/showthread.php?t=333898). Check under 'security' and look there for disabling the warning. Soft reset after disabling it.
=> Exchange: As I said, it needs the server's Root cert to install. But I guess there were no problems here...
Good luck

@Dr. Strangelove: Thank you for your answer.
Dr. Strangelove said:
> Forgive me if I'm wrong, but I think 2 things got mixed up here.

No, not really. I tried to authorize the files that have no certification. The root certificate of the used code signature is the same which is used for the Exchange Server synchronisation.
The root certificate was installed directly with a *.cer file (no CAB file).
Dr. Strangelove said:
> => regular CAB installations: I remember someone asking the same question some time ago, but I can't find his post. I attached a screenshot of the bubble I get. Is yours the same (ignoring the language differences)? Or are you getting another type of notification bubble or popup? Really no continue anyway option (that would really s*ck...)

That was the message I found with WM6.0. Now I get a different message. If the CAB file has a wrong or no digital certificate, then no installation...
...really no continue option.
I think I already tried Kaisertweak. There was a similar message. I'm not able to run it. I am not certain, therefore I will try it again.
However, I don't want to deactivate the warning. I only want to install or run even if there is a warning.
[edit]Ok, I tried it again. The same error message: "Die Datei 'KaiserTweak' kann nicht geöffnet werden. Sie ist nicht mit einem vertrauenswürdigen Sicherheitszertifikat signiert."
In English it means that the KaiserTweak.exe file has no certificate and it isn't possible to run it.
[/edit]
Optionally it should be possible to authorize the file with an own certificate and install that. Then there should be no reason to change the new WM6.1 feature....

Andyt8 said:
> What can I do so that I'm able to install all cab files? Why is my own certification not trustworthy? The root certificate is correctly installed on the device => Exchange Sync works.

Get with your Exchange server admin; they have your security policy locked down on your device. When you sync with the server it pulls your user rights from the server; if you don't have the correct permissions then it will limit your ability to do certain things on your device.

shogunmark said:
> Get with your Exchange server admin; they have your security policy locked down on your device. When you sync with the server it pulls your user rights from the server; if you don't have the correct permissions then it will limit your ability to do certain things on your device.

Thank you for your answer. I forgot that Exchange 2007 SP1 has more security policies for WM6.1.
Now I'm able to run all kinds of installation.

[Q] Missing root certificates need thawte Premium CA cert

How can I have a root certificate installed? It seems that I don't have any installed on my N1, can't seem to complete the authentication process. The simplified guide is not useful when the root certificate is not installed in the first place.
http://www.its.monash.edu.au/wireless/wireless-inst-linux.html
Can anyone help? Thanks! Is there an app to fix this problem? I can't convert this .cer certificate into a version that is compatible with android
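
The posts above export a certificate as a "DER encoded binary" and ask how to convert a .cer file; a .cer file can hold either the binary DER form or the base64 PEM text form. As an added example (not from any poster or vendor), this Python script detects which form a file is in, checks that the DER framing is complete, and returns both encodings plus a SHA-256 fingerprint to compare against the copy on the server. The names `load_cert`, `der_total_length` and `SAMPLE_DER` are hypothetical, and the sample bytes are a constructed placeholder, not a real certificate.

```python
import hashlib
import ssl

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


def der_total_length(der: bytes) -> int:
    """Size announced by the outer DER SEQUENCE header (tag 0x30 + length)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not DER: an X.509 certificate starts with byte 0x30")
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def load_cert(data: bytes) -> dict:
    """Accept a PEM or DER .cer file; return both encodings and a fingerprint."""
    start = data.find(PEM_BEGIN)
    if start != -1:
        end = data.find(PEM_END, start)
        if end == -1:
            raise ValueError("PEM header without matching footer")
        pem_text = data[start:end + len(PEM_END)].decode("ascii")
        der, source = ssl.PEM_cert_to_DER_cert(pem_text), "PEM"
    else:
        der, source = data, "DER"
    if der_total_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    return {
        "input_encoding": source,
        "der": der,                              # binary form
        "pem": ssl.DER_cert_to_PEM_cert(der),    # base64 text form
        "sha256": hashlib.sha256(der).hexdigest(),
    }


# Constructed placeholder: a DER SEQUENCE header followed by 256 zero bytes.
# It has valid outer framing but is NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    as_der = load_cert(SAMPLE_DER)
    as_pem = load_cert(as_der["pem"].encode("ascii"))
    print(as_der["input_encoding"], as_pem["input_encoding"])
    print("same certificate:", as_der["sha256"] == as_pem["sha256"])
```

Write the `der` bytes or the `pem` text to a file, whichever form the importing device or application expects.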

Last step for openvpn, need help.

I followed the steps and set up the openvpn,
now TUN/binary/busybox all success, but 'no configuration found', it says 'please copy your *.conf, certifications, ect to /system/xbin/busybox' but I really don't know what it means..... Can anybody be kind enough to let me know?

Ok, I have set up my VPN, www.vcupone.com
I downloaded openvpn-ca.cer and clein-free.ovpn
I have copied both of them to SDCARD/openvpn,
Now when I turn on the openvpn (check the box), it can find Client-free.ovpn, it becomes 'resolve' but only for 1 second, then becomes 'wait' ....
wait for ever....
Can anybody let me know what's wrong with that?

Have you had a look at the config file?
You need to edit it so that the
ca
cert
key
all point to the correct path in /sdcard/openvpn/
Sent from my GT-P1000 using xda app-developers app

priyana said:
> Have you had a look at the config file?
> You need to edit it so that the
> ca
> cert
> key
> all point to the correct path in /sdcard/openvpn/
> Sent from my GT-P1000 using xda app-developers app

It seems more complicated than I thought. I followed the instructions but it didn't say I would have to edit it. I have downloaded the config and ca, but there was no cert and key. Would you be kind enough to give me instructions on how to edit them?
Here is my config, but the ca file can't be opened....
client
dev tun
proto udp
remote f.vbtwo.info 53
resolv-retry infinite
nobind
persist-key
persist-tun
#ca ca.crt
auth-user-pass
ns-cert-type server
comp-lzo
verb 3
reneg-sec 0
auth-nocache
<ca>
-----BEGIN CERTIFICATE-----
MIIDbzCCAtigAwIBAgIJANshgRedAOZYMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
VQQGEwJDTjESMBAGA1UECBMJR1VBTkdET05HMREwDwYDVQQHEwhTSEVOWkhFTjET
MBEGA1UEChMKVlBOQ1VQLkNPTTEWMBQGA1UEAxMNVlBOQ1VQLkNPTSBDQTEfMB0G
CSqGSIb3DQEJARYQYWRtaW5AdnBuY3VwLmNvbTAeFw0xMTAxMjMxMzU5MTRaFw0z
MTAxMTgxMzU5MTRaMIGCMQswCQYDVQQGEwJDTjESMBAGA1UECBMJR1VBTkdET05H
MREwDwYDVQQHEwhTSEVOWkhFTjETMBEGA1UEChMKVlBOQ1VQLkNPTTEWMBQGA1UE
AxMNVlBOQ1VQLkNPTSBDQTEfMB0GCSqGSIb3DQEJARYQYWRtaW5AdnBuY3VwLmNv
bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAufmKRSwpqv6Ple0lQaMXpJAG
8nQ6P1h4G9aO90qp7RLDCENYCV8eYEuqVuFSuZECugGusz28W6Z0Gl6Z/TdRp7ya
rCmQuZhJ+8IS1d8HWMzWQRsEoK02uPXqEFH2kkRpLg/LrtiUSw6TvpbJfSXCWBzO
VoFdGQQu87txf/F+iJMCAwEAAaOB6jCB5zAdBgNVHQ4EFgQUO1oLcbFexI516Cxm
yNYzil0mCTswgbcGA1UdIwSBrzCBrIAUO1oLcbFexI516CxmyNYzil0mCTuhgYik
gYUwgYIxCzAJBgNVBAYTAkNOMRIwEAYDVQQIEwlHVUFOR0RPTkcxETAPBgNVBAcT
CFNIRU5aSEVOMRMwEQYDVQQKEwpWUE5DVVAuQ09NMRYwFAYDVQQDEw1WUE5DVVAu
Q09NIENBMR8wHQYJKoZIhvcNAQkBFhBhZG1pbkB2cG5jdXAuY29tggkA2yGBF50A
5lgwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQBRBWOgs1fBpgENABcg
NXL0bhUcZ3/AL0jxN5cKFvUFtOtTiDWfTQg6RuqH/37kbK7Ld5bkT9VzdlsMbgsO
CcW6yKQDZug1zuFBMLy4QnBiU+6i3W8yIuLHStEHVPOi2VyXB4aHgKROfmPvlwXm
R1cn0HIKFp0pXJhk4gobd7WYcg==
-----END CERTIFICATE-----
</ca>
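
The reply above says `ca`, `cert` and `key` must point at files under /sdcard/openvpn/, while the posted config carries its CA inline in a `<ca>` block and uses `auth-user-pass`. As an added example (not from the thread or the OpenVPN project), this Python script reads a client config and reports, for each credential, whether it is inline, a file that exists, a file that is missing, or absent, and which server-certificate checks are configured. The names `audit_ovpn` and `SAMPLE` are hypothetical; the sample config is constructed, with a placeholder certificate body and a reserved example host.

```python
import re
from pathlib import Path

CRED_KEYS = ("ca", "cert", "key")
# Directives that make the client check the server certificate's role or name.
# ns-cert-type is the older form; newer OpenVPN releases use remote-cert-tls.
SERVER_CHECKS = ("remote-cert-tls", "ns-cert-type", "verify-x509-name")


def audit_ovpn(text: str, base_dir: str = ".") -> dict:
    """Report where ca/cert/key come from and how the server is verified."""
    inline = set(re.findall(r"^<([\w-]+)>\s*$", text, re.M))
    # Remove inline blocks so base64 lines are not parsed as directives.
    body = re.sub(r"^<([\w-]+)>.*?^</\1>\s*$", "", text, flags=re.S | re.M)
    directives = {}
    for line in body.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":      # '#' and ';' start comments
            name, *args = line.split()
            directives[name] = args
    report = {}
    for key in CRED_KEYS:
        if key in inline:
            report[key] = "inline"
        elif directives.get(key):
            path = Path(base_dir) / directives[key][0]
            report[key] = ("file:" if path.is_file() else "missing:") + str(path)
        else:
            report[key] = "absent"
    report["auth_user_pass"] = "auth-user-pass" in directives
    report["server_checks"] = [d for d in SERVER_CHECKS if d in directives]
    return report


# Constructed sample shaped like the posted config (certificate body shortened
# to a placeholder, remote host replaced with a reserved example name).
SAMPLE = """client
dev tun
proto udp
remote vpn.example.invalid 53
#ca ca.crt
auth-user-pass
ns-cert-type server
<ca>
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgUExBQ0VIT0xERVI=
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    for field, value in audit_ovpn(SAMPLE).items():
        print(f"{field}: {value}")
```

A result of `missing:` for `ca`, `cert` or `key` means the directive names a path that does not exist relative to `base_dir`, which is the case the reply about /sdcard/openvpn/ paths is concerned with.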
Not too sure.
I would have thought that the openvpn client will need a cert and key to connect to the server,
and are you in China?
Didn't I read that the China govt firewall is now blocking openvpn?
http://kyl191.net/2012/12/openvpn-and-chinas-great-firewall/

Hi Priyana, sorry for the late reply, went on a trip to Shanghai for a few days. Yes, I am in China, I will read the link you gave me first, thank you.
I had a difficult time understanding it, but Skype is not blocked in China, at least not on computers. However, the Chinese version Android phones pre-set something to block playstore and skype, that's why we need to flash it.
