Using your self-signed certs on Orange phones
Installing SSL Certificates in Windows Mobile 5.0 devices
Orange has developed a solution to allow members of Orange Partner to install their own SSL certificate onto Microsoft handsets without unlocking the phone.
Why?
We recently released new versions of software for some of our Microsoft handsets (C600, M3000 and M5000) that enable "push" email from Microsoft Exchange servers. This email service uses SSL, which means that the handset must hold a certificate matching the one on the server so that each side knows it is allowed to communicate with the other. The handset holds the public key (in the certificate) and the server holds the private key.
SSL certification can be achieved in one of two ways. You can either:
Buy an SSL certificate from a recognised supplier (e.g. VeriSign, Thawte, Equifax) and install it onto the Microsoft Exchange email server (recommended solution).
Install your own certificate (self created) onto the server and handsets.
However, installing your own certificate on the handset is not an option without either having a privileged application installed, or having your device unlocked.
The solution?
We will create a privileged application that will install the certificate on the handset for you.
Just create a file called _setup.xml and send it to Orange Partner. The XML should have the following format.
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="THUMBPRINT">
        <parm name="EncodedCertificate" value="CERTIFICATE VALUE"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Orange Partner will then use this file to create a CAB file that will install the certificate.
The value of THUMBPRINT can be found by opening up the certificate. If the certificate is installed on the PC then it can be found by going to Internet Options, Content, Certificates and selecting the Trusted Root Certification Authorities tab.
Click View, then go to the Details tab. Find the thumbprint of the certificate, highlight it and copy it.
Paste it into the XML to replace THUMBPRINT and remove the spaces between the hex pairs.
To find the CERTIFICATE VALUE, export the certificate in Base-64 format.
Now open the exported certificate using Notepad.
Copy the certificate details and paste into the XML to replace CERTIFICATE VALUE. In the example above it would be the details from MIICk.. to wlklv.
A completed _setup.xml would look something like this.
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <characteristic type="7e78de1f16d47b440cad4a101c8265cc290a1945">
        <parm name="EncodedCertificate" value="MIICkDCCAfmgAwIBAgIBATAN
BgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJVUzEcUdXfp9E3j9HngXNBUmCbnaEXJnitx7HoJpQytd4zjTov2/KaelpzmKNc6fuKcxtc58O/gGzNqfTWK8D3+ZmqY6KxRwIP1ORROhI8bIpaVIRw28HFkM9yRcuoWcDNM50/MBoGA1UEChMTRXF1aWZheCBTZWN1cmUgSW5jLjEtMCsGA1UEAxMkRXF1aWZheCBTo5brhTMhHD4ePmBudpxnhcXIw2ECAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgAHMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUvqigdHJQa0S3ySPY+6j/s1draGwwHQYDVR0OBBYEFL6ooHRyUGtEt8kj2Puo/7NXa2hsMA0GCSqGSIb3DQEBBAUA ZWN1cmUgR2xvYmFsIGVC
dXNpbmVzcyBDQS0xMB4X
DTk5MDYyMTA0MDAwMFo
XDTIwMDYyMTA0MDAwMF
owWjELMAkGA1UEBhMCV
VMxHDAaBgNVBAoTE0Vxd
WlmYXggU2VjdXJlIEluYy4x
LTArBgNVBAMTJEVxdWlm
YXggU2VjdXJlIEdsb2JhbC
BlQnVzaW5lc3MgQ0EtMT
CBnzANBgkqhkiG9w0BAQE
FAAOBjQAwgYkCgYEAuuc
XkAJlsTRVPEnCA4GBAD
DiAVGqx+pf2rnQZQ8w1j7
aDRRJbpGTJxQx78T3LU
X47Me/okENI7SS+RkAZ7
0Br83gcfxaz2TE4JaY0KN
A4gGK7ycH8WUBikQtBm
V1UsCGECAhX2xrD2yuC
Ryv8qIYNMR1pHMc8Y3c
7635s3a0kr/clRAevsvIO1q
EYBlWlKlV"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
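The thumbprint and Base-64 steps described above can also be scripted, which avoids copy-and-paste mistakes in a file that adds a trusted root to the handset. The following is an added example, not code from Orange Partner or the Microsoft blog entry; the function names are hypothetical, the sample bytes are constructed stand-ins rather than a real certificate, and it assumes the thumbprint shown by Windows is the SHA-1 hash of the DER-encoded certificate.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed stand-in bytes, NOT a real certificate: the thumbprint and the
# encoding steps depend only on the raw DER bytes of the exported file.
SAMPLE_DER = bytes(range(256)) * 2
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in a Base-64 export."""
    blocks = PEM_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    body = "".join(blocks[0].split())  # drop the line breaks Notepad shows
    return base64.b64decode(body, validate=True)

def normalise_thumbprint(text):
    """Strip spaces and any invisible characters pasted from the Details tab."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", text).lower()
    if len(digits) != 40:
        raise ValueError("a SHA-1 thumbprint has 40 hex digits")
    return digits

def build_setup_xml(pem_text, copied_thumbprint=None):
    """Build the _setup.xml text; optionally cross-check a pasted thumbprint."""
    der = pem_to_der(pem_text)
    thumbprint = hashlib.sha1(der).hexdigest()
    # Refuse to emit a file whose thumbprint and certificate disagree.
    if copied_thumbprint is not None:
        if normalise_thumbprint(copied_thumbprint) != thumbprint:
            raise ValueError("thumbprint does not match the exported certificate")
    doc = ET.Element("wap-provisioningdoc")
    store = ET.SubElement(doc, "characteristic", type="CertificateStore")
    root = ET.SubElement(store, "characteristic", type="ROOT")
    cert = ET.SubElement(root, "characteristic", type=thumbprint)
    ET.SubElement(cert, "parm", name="EncodedCertificate",
                  value=base64.b64encode(der).decode("ascii"))
    return ET.tostring(doc, encoding="unicode")

if __name__ == "__main__":
    print(build_setup_xml(SAMPLE_PEM))
```

Passing the thumbprint copied from the certificate dialog as the second argument confirms that the exported file is the certificate you inspected before it goes into the ROOT store.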
The completed file, _setup.xml, should be emailed to developers@orange.com. The email should have the subject SSL Certificate Install and include the attached file and your Orange Partner username.
Thanks to this Microsoft Blog entry for details on how to create this XML code: http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx