Root Certificates and Windows Mobile

Had a wierd week just past. My HTC Touch Dual 850 phone suddely stopped working. The symptom began with Active Sync not working. I discovered that everytime I hit sync on the phone, Active Sync would terminate. Rebooting didn’t fix the problem. I cleared the phone settings and started again. Still no luck. I found further symptoms. When I opened IE on the phone, I could browse to various web pages. When I tried to open a https page, IE would also terminate. Further testing revealed that this worked fine when working with Vodafone, or when plugged into the PC. However, I could not do this on the Telstra network. After getting to level 3 support, I was asked to try removing the proxy setting. This worked.
 
BUT…..
I now got a new error message stating that my nice new thrid party certificate was not valid. OWA and outlook Anywhere worked fine, just not Active Sync on Windows Mobile 6. Finally…. after 5 days of messing about, which included a reimage of the phone ROM image, I solved the problem.
 
Earlier, I recommended that we can use RapidSSL from www.ssldirect.com as a trusted certificate on SS2008. When contacting SSL Direct with this problem, they said that their RapidSSL certificate was not certified to work with mobiles. This was very unusual, since it had been working fine up to this point. The RapidSSL certificate uses a certificate issued by Equifax Secure Global eBusiness CA-1. Whenever I installed the certificate on WM, the certificate would be installed as an intermediate certificate. There is no utility to install this as a root certificate. However, I found a Equifax Secure Global eBusiness CA-1 root certificate on SSL Direct, which installed itself as a root certificate, and apparently, this passes the intermediate requests on like a proxy. Installing this certificate fixed the problem, although I do not recall having to do this when it was working earlier. Something to note down for the future. In the meantime, be careful.
***Comment from Previous Blog site.
Tony Fahlstedt – 16 Dec., 2008 – Delete
Hi Boon,

I experienced pretty much the same thing with a Sony Ericsson p1i cell phone, that phone does have the same equitrac cert built in as HTC phones have, however not the correct version of it, so I downloaded this root cert and installed it, after that activesync worked no hassles.

http://langhofer.at/fileadmin/images/exchange/Equifax_Secure_Global_eBusiness_CA-1_DER.cer

Have not tried it with a HTC though, but I think it will work.

/Tony

Leave a Reply

Your email address will not be published. Required fields are marked *

Solve the Equation to continue * Time limit is exhausted. Please reload CAPTCHA.