Installing root certificates into 1.40 - MDA III, XDA III, PDA2k, 9090 General

I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern

daern said:
I've got an XDAIIs, which has been updated to a 1.40 ROM. We install a new root certificate onto our devices, to allow us to use Activesync over SSL, but when you try and load a .cer file on a 1.4 ROM you get the oh-so-helpful message:
"Security permission was insufficient to update your device."
This process has worked fine on every other ROM and I suspect it's something new on the 1.40 ROM. My guess is that it won't work with the XDAIIi either, which has a 1.40 ROM out of the box...
Suggestions? Google / Microsoft didn't turn up a lot.
Daern
Click to expand...
Click to collapse
Interesting. how did you try and import the .cer file to the device?

deleted
....

therock112 said:
Interesting. how did you try and import the .cer file to the device?
Click to expand...
Click to collapse
Just click the file
Or run certinst.exe, which is what .cer file are associated with in PPC2003+
I've actually found some rather nice, useful code from Microsoft (gasp, shock, horror!):
Download this example:
http://support.microsoft.com/default.aspx?scid=kb;en-us;322956
...which is for PPC2002, but the sample code for inserting certificates works on 2003 and (more importantly) bypasses whatever additional locks that have been placed in this new ROM. In fact, it's even better 'cos certinst.exe threw up a non-suppressable confirmation box, whereas I can now embed all of the code into a setup.dll and wrap the cert into a self installing cab file, along with all of my CPF stuff.
I'll still try and find out why O2 have changed this though. That sucks...
Happy Daern the hax0r

Related

WM6 and Personal Exchange certificates

Anyone know if personal exchange certificates are now working in WM6? I'd rather not pay $100/yr if I don't have to...
I believe so, I use a personal exchange certificate and never had a problem with it in WM6...
Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?
pkley said:
Hmm, well I wasted last night trying to get ours to work. I was able to export the .cer and install it, but it kept saying "invalid security certificate".
One other item to note, our webmail address is as follows blahblah.wahwah.com/exchange.
Is that causing the problem?
Click to expand...
Click to collapse
I doubt it..
Are you sure the backend (exchange/isa publishing) is all correct?
Next up, you'll probably need to export the root certificate and import that on to your device as well as the cert thats been used to publish exchange. You can use owa to test all this... If you browse to https owa url you need to see all green (eg name matches, certificate valid (eg not expired), and trusted (including any root certs)). Ensure root certs are in the correct store when you import (I usually deselect the place certs automatically option).
The other thing is to check on how the cert was exported... I dont have the process to hand, but its on isaserver.org and MS....
All I've ever done is install the root certificate on the phone and everything works fine WM5/WM6.
All I've ever done is install the root certificate on the phone and everything is ok (WM5/WM6) although I'm not behind ISA
Your certificate name would have to match exactly what you have set up on exchange/server. In your example, certificate is named blahblah.wahwah.com... it has to be exactly the same name. So in your PDA the server name would be blahblah.wahwah.com. not blahblah.wahwah.com/exchange
Good luck.
Personal certificate you mean : Client certificate ?
-> work fine with YES an easy install (no need anymore complicate activesync process or Jacco dds....)
Woldcard certificate (*.toto.com also working fine!)
-> yes after a missing feature in WM5!
Ok, here's what I did.
Opened up my webmail page which is abc.defg.com\exchange
Clicked on the Lock and opened up the certificate. Under Certification Path it says abc.defg.com - no \exchange
Under Details I clicked on Thumbprint and Copy to File as a .cer
I named that file root.cer and put it in the directory on my 8525 and ran it, it installed.
I'm sure I'm missing several steps, but a lot of the threads are way over my head or not applicable to my situation. Any advice, or step by step would be greatly appreciated.

HELP...synchronize issue with microsoft exchange

I flashed LVSW WM6.0 ROM ( 3.30.0.9 version ) last night on my Hermes. After the flashing was done, the device was able to synchronize with the exchange server through my PC at the first, but it wasn't later. And the synchronizing is always failed with the exchange server through the GPRS later on. I checked the report and it reads
" Result: The server certificate on the server is not valid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."
and provides a " Support code : 0x80072F06".
This never happened on the platform of WM5.
Can anybody help on this issue?
Thanks a lot!
I had a same issue at past week.
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
YUKI- said:
Please change the WINCE.NLS at the \winodws by Good WINCE.NLS.
Good mean is right wince.nls same as your localized version.
Have you been installed any programs with the WINCE.NLS?
If so, I hope above information is usefull.
Click to expand...
Click to collapse
Hi YUKI-
Thanks for your input. Actually I'm using the good wince.nls said as without the good wince.nls Chinese is not readable. But the problem is still the problem.....Thank you all the same
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
randomelements said:
Taking it back to first principals (assuming you have access to the server):
- what certificate is the server using? (one from your own CA or a third party one like verisign)
- has that certificate expired?
- if using a certificate from your own CA have you installed the root certificate on your phone?
- do the address on the certificate and the one you have entered on the phone match exactly?
- what happens if you turn off the SSL requirement on the server - do you get a different error or does it work ok?
- Do you have another phone you can test with? Failing that what about using Outlook Web Access on a PC over SSL, does that work okay without certificate errors?
Click to expand...
Click to collapse
Hi randomelements,
1. There is not a certificate the server is using. And there is never a certificate required when I used the WM5 on my Hermes. Also my colleagues in US is using the WM6 and there is not any certificate required.
2. Turned off the SSL requirement, there is another error report reading " Your account in Microsoft Exchange Server does not have permission to synchronize with your current settings. Contact your Exchange Sever administrator." and a new support code " 0x85010004" was given.
3.a couple of days ago I used WM5 on my Hermes and there was not any problem. Before using the Hermes, I used the Magician and there was not any problem either.
It works well that using Outlook Web Access on a PC over SSL.
Well...it looks to be a big problem^_^ thank you all the same randomelements!
What version of exchange?
If 2007, the integration with WM6 is tighter than 2003 with WM5 or 6. When I set mine up I had to alter permissions on the Exch 2007 web site. There are pointers on the MS website of you search on that error code and exchange 2007. I dont have the info to hand, but can look on my system tonight.
greatg said:
I'm also having a similar problem. When I connect via usb I can sync with server. When I connect wirelessly, cannot sync. Get server name error. Do you have this file?
Click to expand...
Click to collapse
My situation is NEVER completed any ActiveSync via USB+PC and X01HT's Wireless connection. I think thats problem does not same.
And I am currently using japanese version crossbow. if you have another language with wince.nls, does not solved your issue with my attached a file.
Check the clock on your phone. A couple of times when I flashed I forgot to change the year and had my date set in 2006, which gave me invalid or expired certificate error.
I think I've got what the problem is. I flashed the black 3.01 ROM tonight. After the flash was done, I tried the syn immediately and it succeeded via the wireless connection. But when I replaced the original wincel.nls file with the one with Chinese supported, the syn was failed and I got the same error report.
The problem is I can't use the wincel.nls file without Chiese supported. What should I do?

application file cannot be opened .either it is notsigned with trusted certificate

I am having problems with applications under Windows Mobile 5.0. When i try to run them i get the following error.
The file 'foo' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
1)Is there anyway of disabling the checks for trusted applications in Windows Mobile 5.0 on the Wizard?
I think this error becuz u r trying to run wm6 applications under wm5
vodovodo said:
I think this error becuz u r trying to run wm6 applications under wm5
Click to expand...
Click to collapse
I have same problem for BA wm 6.1 5.2.19199.1.0.0 PV DVH. Some people offered solution of HR. I don't agree with this. because we have to lose what we've been installing and spend more time re-installing them. so much time-wasting?
Any other solutions, please?!
Thanks in advance.
Problem may be cause of your SD card if u r using WM6. SD card PowerManagment value is set("DisablePowerManagment") to 0 in your registry. This means after a while your device will set your SD card power off for savg batttery. This cause to unread your program files etc while u start any program on your form your SD card device.
I fixed this problem like that;
By any registry editor:
Find the Path:
"Hkey_local_machine>drivers>sdcard>clientdrivers> class >SDMemory_Class"
after that find;
""DisablePowerManagement"" key and set its value to "1" than save and exit. Than soft reset your device. Problem will be fixed.
Sorry for my bad english.
Windows Mobile powered devices are shipped with default security settings.
The security model enables Mobile Operators to make post-production changes to security settings.
This can place significant restrictions on software which has not been signed and approved.
However you can change the default settings.
Take control of applications on your phone.
"All listed settings are decimal"
1. Connect the phone through ActiveSync.
2. Run your favorite remote registry editor "CeRegEditor (Download)" "Mobile Registry Editor (Download)" on your PC. http://ceregeditor.mdsoft.pl/
3. Navigate to HKEY_LOCAL_MACHINE\Security\Policies\Policies
Unsigned Prompt Policy:
This policy indicates whether the user is prompted to accept or reject unsigned .cab, theme, .dll and .exe files.
HKEY_LOCAL_MACHINE\Security\Policies\Policies
DWord = 0000101a Data = Use the following-->
0 = Indicates user will be prompted.
1 = Indicates user will not be prompted.
you will set that register decimal 1. that is solved problem
I have a HTC Tytn II and i get the same error. However, When trying to alter data using the reg editor you recommended, i found the 0000101a was already set to 1. Any other ideas?
Hi All,
Would someone be so kind to me a explain how I can move a package from the EXT directory or one Kitchen to the EXT directory on this version of kitchen.
I thought I could just simply copy the directory? So I had a go compiling a version of youtube from a different kitchen It would seem mot to work thou as I get the dreaded The file 'xx' cannot be opened. Ether it is not signed with a trusted certificate, or one of its components cannot be found. If the problem persists, try reinstalling or restoring the file.
Any ideas how to get this to work?
Or look for the tool MsSigner, it can be found in most kitchens.
You'll be able to sign it with a signature that is accepted after you aply the enablyRapi and SPCCerts policies.
You're probably missing a key dependency package like dshow (mshow?) or concurrence manager. Also, make sure the shortcut path is valid. Lord knows why, but that's the message you get for bad shortcuts.
josephwsl said:
I am having problems with applications under Windows Mobile 5.0. When i try to run them i get the following error.
The file 'foo' cannot be opened. Either it is not signed with a trusted certificate, or one of its components cannot be found. You might need to reinstall or restore this file.
1)Is there anyway of disabling the checks for trusted applications in Windows Mobile 5.0 on the Wizard?
Click to expand...
Click to collapse
maybe .NET CF is missing or not up-to-date?
RAMMANN said:
maybe .NET CF is missing or not up-to-date?
Click to expand...
Click to collapse
ahh i love you bro, u saved me an hassle i tried everything and it was the net.cf
damii said:
you will set that register decimal 1. that is solved problem
Click to expand...
Click to collapse
When I try that, I'm told I don't have the authority to access that. :-(
now what?
Yeah, me too!!!
All of a sudden too. Everything was fine then I got these certificate errors every time I try to run Haret.exe to run android. This happened last night. Did my provider change something on me?
I try to change that registry key and it won't let me.
Re:this post
I have same problem for BA wm 6.1 5.2.19199.1.0.0 PV DVH. Some people offered solution of HR. I don't agree with this. because we have to lose what we've been installing and spend more time re-installing them. so much time-wasting?
You need hard reset!
Same problem "certificate errors" and a hard reset wont work
Plz help
damii said:
Windows Mobile powered devices are shipped with default security settings.
The security model enables Mobile Operators to make post-production changes to security settings.
This can place significant restrictions on software which has not been signed and approved.
However you can change the default settings.
Take control of applications on your phone.
"All listed settings are decimal"
1. Connect the phone through ActiveSync.
2. Run your favorite remote registry editor "CeRegEditor (Download)" "Mobile Registry Editor (Download)" on your PC.
3. Navigate to HKEY_LOCAL_MACHINE\Security\Policies\Policies
Unsigned Prompt Policy:
This policy indicates whether the user is prompted to accept or reject unsigned .cab, theme, .dll and .exe files.
HKEY_LOCAL_MACHINE\Security\Policies\Policies
DWord = 0000101a Data = Use the following-->
0 = Indicates user will be prompted.
1 = Indicates user will not be prompted.
you will set that register decimal 1. that is solved problem
Click to expand...
Click to collapse
Thanks! That really helped me. You literally saved me a good night sleep. I was already desperate.
Wow, it works Thank you!!!
Awesome!!!
This worked perfectly. Thanks so much for the help. I've been racking my brain about this for over an hour now, then found this through a search.
Thanks!
OMG
I have the same problem and I tried :
1/ Hard Reset
2/ Rom Update
3/ installed NetCFv3.5
4/ editing values in the registry
what els ????!
plzz i need your help

Installation of cab files throws errors

Hi. I just recently purchased an HTC Touch Pro2 from T-Mobile running WinMo 6.5. That being said, I have not been able to open any cab files on the device to install some software. Basically I'll transfer the cab to the device and attempt to open it. I get one of three messages depending on the app I guess. the most basic is "Installation was unsuccessful" to "Installation was unsuccessful. The program or setting...not digitally signed...trusted certificate" (this was from MobileFTPClient). Installing Opera Mini 5 gives a simple: "Installation of mini5wm.cab was unsuccessful".
Ok, so being a software developer for 10 years I've been looking into some registry values and can't seem to find what I need to get anything to install. If I download from the Windows Marketplace that's all good, but nothing else.
What do I need to do to be able to install cab flils directly? Honestly if I can't get this to work this phone is going back. I moved from an iPhone to this phone specifically so I can install apps and monkey around with the device, but so far I'm done before I started.
Thanks for any info you can give me.
its in one of your phone/device settings to let u download and install apps or cabs not digitally signed. thats all, i believe. just find it and check it off. or look for advanced config cab if u can find it and install that. it has an option in there also to let u download/install whatever..
mullethunter said:
Hi. I just recently purchased an HTC Touch Pro2 from T-Mobile running WinMo 6.5. That being said, I have not been able to open any cab files on the device to install some software. Basically I'll transfer the cab to the device and attempt to open it. I get one of three messages depending on the app I guess. the most basic is "Installation was unsuccessful" to "Installation was unsuccessful. The program or setting...not digitally signed...trusted certificate" (this was from MobileFTPClient). Installing Opera Mini 5 gives a simple: "Installation of mini5wm.cab was unsuccessful".
Ok, so being a software developer for 10 years I've been looking into some registry values and can't seem to find what I need to get anything to install. If I download from the Windows Marketplace that's all good, but nothing else.
What do I need to do to be able to install cab flils directly? Honestly if I can't get this to work this phone is going back. I moved from an iPhone to this phone specifically so I can install apps and monkey around with the device, but so far I'm done before I started.
Thanks for any info you can give me.
Click to expand...
Click to collapse
The cab I have attached may help you...it's some SDK certificates that will allow installation of certain unsigned apps, but I don't know if this is what the ones you're running are requiring and missing. It won't harm anything to try this one, and you can easily uninstall it if it doesn't do the trick
Thanks guys. Sirphunkee - that cab actually installed, but I'm having the same problem. Another forum has suggested that I take the device back to T-Mobile, but it just seems like there's a setting that's not right in the OS. Demandarin - I've looked for various security permissions in the UI with no luck. I've mucked around with some Policy values in the registry per some threads on this forum, but still nothing.
I'll keep trying, and thanks.
So...weird; Opera Mini and Weather Bug (well known apps) wouldn't install, but an SMS notification disable cab installed (from the xda site) as did Evernote (evernote.com). I have no clue what the deal is, but it's getting beyond stupid that I can't install just any cab file.
mullethunter said:
So...weird; Opera Mini and Weather Bug (well known apps) wouldn't install, but an SMS notification disable cab installed (from the xda site) as did Evernote (evernote.com). I have no clue what the deal is, but it's getting beyond stupid that I can't install just any cab file.
Click to expand...
Click to collapse
Have you already installed .Net 3.5? It's a framework that many other programs use (and need) to install, and it's not on the TP2 by default...it's the only other think I could think of that would keep you from installing stuff. Cab is attached, if you don't have it already.
Got it. I installed the Device Security Manager PowerToy and was able to change the configuration there. Opera Mini 5 just installed.
Never would have thought the phone would come that locked down, but so far so good. Thanks for all of the ideas.
mullethunter said:
Got it. I installed the Device Security Manager PowerToy and was able to change the configuration there. Opera Mini 5 just installed.
Never would have thought the phone would come that locked down, but so far so good. Thanks for all of the ideas.
Click to expand...
Click to collapse
Well yeah what's weird is that I never had to use that to get any of those apps installed

Touch Pro2 Certificate problems

Hi All.
At the moment we have a problem with the HTC Touch Pro2.
TMobile Netherlands has a custom rom placed on these devices.
We need to install new certificates but when we install them on devices with that TMobile rom it says "Installation Failed"
Is there any way to unlock the certificate store on those devices?
You have copied the .CER file to the device and double clicked it in your mobile explorer?
I've only used it to enter my Certificate Server rootcertificate to the trusted root store in my TP2.
Doubleclick on a .CER file should do it.
ronh said:
You have copied the .CER file to the device and double clicked it in your mobile explorer?
I've only used it to enter my Certificate Server rootcertificate to the trusted root store in my TP2.
Doubleclick on a .CER file should do it.
Click to expand...
Click to collapse
Hi ronh,
i've tried that already but it's telling me "Installation failed".
We've also made a cab file and tried to install it that way but that also doesnt seem to work.
When we install the same certificate on telephones without the dutch T-Mobile rom, it installs with no problem.
It looks like T-Mobile blocks the possibility to import certificates.
When you double click a .CER file on you TP2 it must import it automatically.
Strange...

Categories

Resources