e71 + Exchange + Out of date certificate = I need a little help

[JessAlice]

I'm really hoping that some may be able to help or at least point me in a direction. I recently picked up an e71 and I love it. It does everything perfectly... almost...

I know that the root of this problem is with my IT dept *sigh* but they're just not going to help me so I turned to hf.

I have my e71 setup with MfE and it's syncing with our company's exchange server. Data is moving and it works well... except for the dreaded certificate error.
Our IT staff is using not only a self signed certificate, but one that is expired, so you can only imagine my problem. I have my device set to check at fifteen minute intervals, but I have every time it checks my account I'm confronted with the "Website has sent a certificate which has is out of date. Accept anyway?" to which I'm force to respond "Accept this time only"

Is there a work around for this. I have tired to export the certificate and install it directly onto the device... I have rolled back the clock (which really messes with my calender usage)


I was hoping that some might know of a way to disable this certificate check or force the device to accept the cert permanently. I have tried looking around and can't find anything.

Please excuse my ignorance... I'm a very recent s60 convert and don't have much experience with the platform


David

 

[Pouria]

Nobody...

 

[Cookiey]

tell them to get off their *** and get a new cert lol. Is there anyway to not use SSL? Maybe you can just use IMAP, and sync MFE when you want to update calendar etc.

 

[CrazeeGurl101z]

I was really hoping that there'd be a work around for this. I'd like to stick with the exchange setup... imap will mean mail every five minutes... and I'm far too nerdy to wait...

 

[hottie_247_365]

Actually, it doesn't. While it offers no option for push, i find that it pushes anyways after that initial 5 minute check as the mailbox stays connected to the exchange server. I know this because my phone will often chime before my desktop gets the email. It doesn't seem to negatively effect my battery life either. try it out.

 

[kookadookalowe]

Is there a way that you can trick them into providing a certificate - maybe stating that you use IE 8 Beta and need it installed on your PC due to applications you're testing? Will installing a trial of RoadSync remedy this certificate issue your facing? Sorry I haven't used Exchange on S60 not until next week or the week after since I'm awaiting another S60 phone, and now work where corporate BES is not an option for me at this time.

I'm sure others can assist, so this meaningless post is a free bump! for your thread to take notice.

 

[Kunmui]

What do Windows Mobile phones do in this case (just wondering?)

Anyways, if they are using an expired self-signed (it's not a huge deal IMO) certificate they probably don't enforce the use of SSL so just disable SSL:

Menu -> MfE -> Mail for Excha.... -> Options -> Edit profile -> Secure Connection (change to NO)

 

[weetabix]

When I disable the secure connection it won't connect... I'll give the imap a shot... I'm using imap with gmail and it works like a charm... Interestingly enough I've discovered that if I accept the certificate "once" and keep my connection alive with wifi push works... that being said as soon as I use my data connection (even set to remain always connected) it beings to prompt me after about five minutes...

In the old wimo devices you were once able to disable the certificate check in the registry... I was hoping that something like that would be available with s60

 

[Bill2006]

ok, first you've got a sorry _ss IT Dept. It takes about 2 seconds to generate a new self-signed cert.

I'm not sure if you can turn of SSL on the E71 but if so that'll fix it on your end, but SSL is really required for MS DirectPush AKA Activesync to work properly.

 

[Shinigami Ceiling Cat]

Wirelessly posted (Nokia E71-2: Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 NokiaE71-2/200.21.118; Profile/MIDP-2.0 Configuration/CLDC-1.1 ) AppleWebKit/413 (KHTML, like Gecko) Safari/413 UP.Link/6.3.1.17.0)

how about forwarding your mail to another account like mail2web exchange which is free?

 

[arlabeth]

No it's not, it only highly recommend for the security aspect. Also many admins will set the server to only allow SSL.

I ran WinMo for a while without a certificate... which reminds me I need to disable non-SSL on the server sometime.

 

[Whistlepig]

Agreed, i use activesync all the time without SSL, works great.

 

[Anime_Addicted!]

What's the word? Did you try Imap and push?

I just finally got SSL setup on my own exchange server, its not a big bad official trusted certificate setup, so it causes problems and gives errors here and there, but it works. When i initially synced up, it warned me about the non trusted cert, at this point it asked me if I wanted to permanently accept it, so i selected yes. So far it is working brilliantly!!!! Actually it was easier to get going because on my TILT and 8525 i had to install the root CA cert or activesync would refuse to sync lol.

So maybe you need to delete the profile, and re-enter it in, and see if you can permanently accept it.

Also make sure you have the latest MFE which is 2.07.022

 

[Abbgail]

It's not required but I promise you DirectPush is not reliable with SSL OFF. I discovered this after 6 months of testing with multiple devices after DirectPush and SP2 was released. Perhaps it's been updated since then I don't know.

 

[(xFilipinaBabeex]

I kinda experienced something like that, but i can't really say because I have not had a whole lot of time with it. It seemed like it wasn't really pushing through like it was supposed to...delayed pushes. Was that what you were experiencing?

EDIT: Though i did have exchange push setup on Palm OS and it seemed to push through just fine.....i dunno i can't really say.

 

[War Dude 14]

Here's how I did it without involving IT at all. I used the settings from our Outlook webmail. So my regular email address, userid and pw. As exchange server I used https://companyname.com, as domain I used companyname. That way I don't have to use the BB Storm we are supposed to use.

 

[Thalia H]

Nice work!

Anyone get MfE working with an implemented 2 stage logon withe the second ID/PW being AD with PW: PIN+tokencode (RSA) ?? where MfE can prompt for a logon?

This is BULLS*** that companies keep implementing this RSA tokencode junk! ITs email - non of which I get corporate financial deals or any information of the sort just outtages on tools. ARRGH!

 

[Lizzie G]

This is an old topic, but for those coming here via Google like me, I'll post how I've solved this problem.

The situation: Nokia E71 using Mail for Exchange. Every time I check for new email, I'm prompted to accept the SSL certificate for one time and there is no option to accept the certificate permanently. I've determined that the SSL certificate is indeed expired.

My solution:
1. Reset the phone to factory defaults. (Type *#7370# with lock code 12345.)
2. After the reset, set the date to a date where the SSL certificate would be valid.
3. Setup Mail for Exchange.
4. The first time you check for email, you'll get an option to accept the certificate permanently. (As far as I can tell, you get this option only once.)
5. Don't forget to set the correct date afterwards. It should keep working even after the expiration date of the certificate.

There might be a faster and/or simpler way to solve this, but this is what works for me. Use these instructions at your own risk, etc. Don't forget to backup any important files before resetting the phone.