How to import the default or self signed certificate on Windows Mobile

  • 7007672
  • 25-Jan-2011
  • 10-Dec-2013

Environment

Products:
Novell Data Synchronizer 1.0
Novell Data Synchronizer Connector for Mobility
Novell Data Synchronizer Connector for GroupWise
Novell Data Synchronizer Mobility Pack Update

Configuration:
Self Signed Certificate or Default Certificate being used

Situation

How to import the default or self signed certificate on Windows Mobile
ERROR: "Synchronization could not be completed, Try again later" on Windows Mobile Device
Windows Mobile Devices gives an error indicating that it is not a valid certificate

Resolution

Some Windows Mobile Devices require the following
  1. Certificate should be from a Trusted Authority 
    If possible, obtain a certificate from a Trusted Authority

  2. "Issued to" name in the Certificate should match the DNS name
    .Data Sync Mobility generates a default self signed certificate, however the certificate is assigned to "DataSync MobilityPack" and not to the DNS Name that the devices would connect to. Please avoid using a self-signed certificate as much as possible. Some devices do not perform well with self signed certificate.  However, if needed, please follow the steps in the following TID to create a self-signed certificate with the correct DNS Name.
    https://support.microfocus.com/kb/doc.php?id=7007674&sliceId=1&docTypeID=DT_TID_1_1&dialogID=200084922&stateId=0 0 200086767

If a self signed certificate is used and the certificate has the proper DNS name, then the certificate needs to be installed on the Windows Mobile Device manually. Please follow the step listed below:
  1. Copy  /var/lib/datasync/device/mobility.pem to /var/lib/datasync/webadmin/server.pem .
  2. Restart webadmin by typing "rcdatasync-webadmin restart " and press Enter.
  3. Launch Internet Explorer 8 and visit https://IPAddressOfDataSycnServer:8120 and click "Continue to this website ".
  4. Click on the Certificate Error besides the address bar | View Certificate and click the Details tab.
  5. Click Copy to File and save the Certificate in "Der encoded binary X.509 (.CER)" to c:\mob.cer
  6. Copy mob.cer to the Device using a cable or using email (Email it to an account and launch the email using the browser on the device and save it on  the device).
  7. Double click on mob.cer to install it on the device.
  8. Now try configuring the ActiveSync account and it should work.
If a self signed certificate is used but the certificate has an improper DNS name, then follow the above steps and also follow the steps listed below:
  1. Use a Windows Mobile Registry Editor to edit the registry of Windows Mobile Device. There are many registry editors available on the internet. One of the Registry Editors can be found on following website http://ceregeditor.mdsoft.pl/
  2. Download this on a workstation that have ActiveSync software installed and connect the Windows Mobile Device with a cable to the Workstation.
  3. Launch the registry editor and browse to HKLM\Comm\Tcpip\Hosts .
  4. Right click on Hosts and create a new Key and give it the name that is on the Self Signed Certificate. For example, if the Default certificate from Mobility is being used, name it "DataSync MobilityPack ".
  5. Right click on the new key and click New | Binary Value .
  6. Give it the name ipaddr and in the value type Hex of the Public IP Address. For example if the IP Address is 192.168.19.19, then the value would be C0 A8 25 25 . calc.exe can be used to find the hex of the IP Address.
  7. Right click on the new key and click New | Binary Value .
  8. Give it the name ExpireTime and in the value type 99 99 99 99 99 99 99 .