I’ve been having a problem for a while with my Nokia 6300 phone not accepting the self-signed SSL certificate I use on my IMAP server (dovecot). This is a bit annoying because I can’t read emails on my phone.
Various Nokia forums suggest that you need to download the certificate over HTTP to install it. This is true, but there is an extra key step: the certificate needs to be in the DER format rather than PEM, which the phone doesn’t like. To convert, just use OpenSSL like this:
openssl x509 -in dovecot.pem -inform PEM -out dovecot.crt -outform DER
Place this somewhere you can access over HTTP and navigate to it using the phone. You’ll be asked if you want to save it, say yes and the certificate will be permanently installed in the phone. Now try accessing your mail over IMAPS and everything should work.
This trick should also work for other SSL applications (e.g. HTTPS), but I haven’t tried it.
hm, my nokia 6300 does not seem to download the generated certificate. No questions asked. Am I missing something?
November 26, 2009 @ 10:46 am
Hmm, not sure. My problem was that it would download but then not
install it. Have you checked that your web server is sending the correct
MIME type in the header? application/x-509-ca-cert IIRC.
November 26, 2009 @ 10:19 pm