Category: General

Posted on in Computers, General

Installing SSL certificates on Nokia S60 devices

Just something that might come in useful to some.

I found on my Nokia N80 that it throws up a lot of untrusted cert warnings when browsing some sites, and also when using Devicescape (neat app to log onto wireless hotspots and access points). It turns out I’m missing a root cert for GoDaddy, one of the lesser but popular (i.e. cheaper) signing authorities which a lot of sites use, including Devicescape (which is actually one of Nokia’s recommended Download! apps).

Nokia haven’t issued any sort of cert update pack, so it’s up to you to install the missing root certs. Rightly or wrongly, they make this difficult. It makes sense in ways to ensure you don’t go and install bad authority certs. However it also rules out a chunk of the net because they haven’t updated the root certs, and yet even Microsoft include GoDaddy certs.

Anyway, first port of call to install them is to get them from GoDaddy. They host their root certs at https://certs.godaddy.com/Repository.go.

Problem is, the N80 doesn’t recognise them properly. You need the DER format certs, so the gd-class2-root.cer certificate seems the most likely choice. Browse to this on the N80 however and you just get a text page containing the content. Try copying the cert to the phone and load it in the file manager app and it doesn’t recognise it.

Googling, there seem to be a number of options. A Nokia blog suggests the issue may be the MIME type when serving up the cert file.

The solution being to stick the DER format cert on a web server and have it issue the mime type application/x-x509-ca-cert. Having a suitable web server, I tried this and sure enough when browsing to the cert the N80 tries to install it as a cert, only to then say it’s corrupted.

A bit more surfing turned up a post here regarding the GoDaddy cert in particular, suggesting converting it to the right format like so…

openssl x509 -in gd-class2-root.cer -out cert.cer -outform DER

Sure enough, doing this (you need the openssl package to issue this command obviously), and browsing to the cert on the phone, the cert installed fine. Also you can probably transfer the file to the phone via cable/bluetooth/etc.

Another option is a service for uploading certs to a server which converts them to a suitable format for loading onto S60 devices: http://www.redelijkheid.com/symcaimport/. Although it didn’t work with the GoDaddy cert for me, but then maybe it needs the extra openssl conversion.

Anyway, now I have a GoDaddy root cert so a lot more of the net is trusted. Obviously though the security trust is down to how much I trust the root cert I downloaded and okayed it with the phone when installing it.

Now what we need is for Nokia to issue a root cert update pack (without having to buy a new phone).

Posted on in General

Orange 3G – update

Following on from the issue I posted earlier, on travelling abroad I have discovered something extra about 3G.

I was led to believe that 3G requires a USIM rather than a SIM. This is certainly what Orange UK requires and to get a 3G USIM you need to either buy a 3G Orange branded phone on contract or get a 3G PAYG SIM (with no option to transfer the number to contract). i.e. you can’t get 3G on Orange UK with a SIM free 3G phone .

Travelling in France with my plain “2G” SIM that only gives me 2G on Orange UK, I discovered the phone locked onto Orange France but got a 3G signal! Same with Orange Switzerland and another roaming parter.

Back in the UK, a bit more googling and it turns out USIMs have nothing to do with it at all!

The problem is Orange UK have used 3G as a way of pushing Orange branded phones and moving customers onto USIMs. Other than that, there’s no technical reason to use a USIM for 3G, as is demonstrated outside the UK.

Other UK networks in fact it appears allow access to their 3G network with a regular SIM.

Still the problem remains that I can’t get 3G on Orange contract without buying an Orange branded phone (which I won’t do, due to lock downs and high monthly costs on the high-end phones ultimately costing as much or more as a SIM free phone).

Posted on in General

last.fm

last.fm logo Didn’t really get the idea of social networking your music, and still not too sure, but I’ve signed up for last.fm and found that Rockbox* and Slimserver both support updating your last.fm profile with what music you’ve been listening too (this is known as ‘Scrobbling’).

So I can have my music profile updated now when using my iRiver (through Rockbox) and Squeezebox (via Slimserver).

Why anyone would be interested in my music profile I don’t know, but here it is: http://www.last.fm/user/tj_moore/

What’s useful though is to see for myself what my tastes are like, and to some extent it’s handy to remember what I played recently (I tend to go through album by album for a particular artist so I like to continue where I left off).

last.fm actually has it’s own software which acts as music player, but you don’t have to use it to ‘scrobble’. It does allow you to listen to their own radio station though (but apparently there is a plugin for Slimserver to do this also).

* – Rockbox is open source firmware for mp3 players, offering better file format support (no DRM support though… but that’s a good thing), rich features, gapless playback on devices that don’t support it, even videos on devices that never played videos!, and games (e.g. Doom).