SSL certificates in S60 3.0

Fri, 16 Feb 2007 13:32:55 +0200

There has been some discussion in various forums about how to install a SSL certificate to S60 3.0 device. I asked around and I'm planning on creating a short document around the subject. But first the quick way of sharing information - a blog! I hope this will provide some clarity to the subject.

An SSL certificate can be used for different purposes:

Authenticating client to server (e.g. SSL/TLS client authentication)
Authenticating server during SSL/TLS handshake

Using client certificates to authenticate a user
S60 only allows importing personal certificates and associated keys from .p12 files. The certificate must be a general X.509 certificate which is DER encoded. Private key and certificate file are to be packaged into a PKCS 12 package (.p12 format). The file can then be imported to the device, for example by using file transfer.

Using the certificate to authenticate a web server
The certificate must be a general X.509 certificate which is DER encoded. In order to be able to import certificate, it must be recognized as a CA certificate to make it work.

If certificate is not recognized as a CA certificate (meaning that key usage is not CertSigning and BasicConstrains doesn’t indicate that it is not a CA certificate), then you need to follow these steps

Using a web server:
1. Copy the certificate file to Web server
2. Set the MIME type for the directory where the certificate is as application/x-x509-ca-cert
3. Use the web browser in the S60 device to browse the certificate
4. Import the certificate

Risto Helin's Forum Nokia Blog

SSL certificates in S60 3.0