Installing SSL Certificates to a Locked Smartphone (Motorola Q, Cingular 3125 etc)


If you are connecting to an Exchange Server, or even to a Live Communication Server for Mobile Communicator, you may need to install an SSL cert onto your Motorola Q or other mobile device.

Why?

1. Your administrator did not use an SSL cert from one of the preinstalled Cert Authorities (https://partner.microsoft.com/global/partner/40027352). Those all have a client cert installed on Windows Mobile devices by the OEM. If you aren't using one of those CAs, you will need to install a client cert on the device so that the device can authenticate against your Exchange or LCS server to get mail or instant messages.

2. Generally, all you need to do is copy the cert to the Windows Mobile device and then run it through the local file manager. However, the file manager on the Motorola Q doesn't have permission to write to the device certificate store, so we have a problem.

What can we do?

Here are a few steps you can follow to get those certs onto your device.

Step 1.
Create a new folder on the Q device under the root folder, i.e. "/". Use the File Manager applet on the Q to do this. The folder must be named Storage.

Step 2.
Move the certificate file (.CER) to the Storage folder.

Step 3.
Download the SPAddCert utility (a link to the utility is included at https://support.microsoft.com/kb/841060/en-us). Note: It isn't necessary to download the Verizon Wireless specific tool, although it works.

Step 4.
Extract the ZIP file and locate the SpAddCert.exe (or VZW_SPAddCert.exe) file and copy it to the /Storage location.

Step 5.
On the Q, using the File Manager, locate and run the SPAddCert.exe tool.  This tool will look in /Storage for certificates and present what certificates it finds there for installation.  It will then install the selected certificates. 

Step 6.
Power off and power on the device.
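
Before copying the .CER to /Storage in Step 2, you can confirm on your PC that it is the certificate your administrator issued by comparing thumbprints. The script below is an added example, not part of the original post or of SPAddCert; the function names and the sample bytes are constructed for illustration, and it assumes the file is either binary DER or Base64 with BEGIN/END CERTIFICATE lines.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def check_outer_sequence(der: bytes) -> None:
    """Reject files that are not exactly one DER SEQUENCE (truncated or padded)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                      # short-form length
        header, length = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("length mismatch: truncated file or trailing bytes")

def to_der(raw: bytes) -> bytes:
    """Return DER bytes from a .CER that is binary DER or Base64 (PEM)."""
    m = PEM_RE.search(raw)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else raw
    check_outer_sequence(der)
    return der

def thumbprint(der: bytes, algo: str = "sha1") -> str:
    """Hex digest of the whole DER encoding, upper case."""
    return hashlib.new(algo, der).hexdigest().upper()

def matches(der: bytes, expected: str) -> bool:
    """Compare with a thumbprint as sent by an admin (spaces, colons, any case)."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    return algo is not None and thumbprint(der, algo) == want

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate body.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER) + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    der = to_der(SAMPLE_PEM)
    print("SHA-1  :", thumbprint(der))
    print("SHA-256:", thumbprint(der, "sha256"))
```

For a real file, pass `open(path, "rb").read()` to `to_der` and give `matches` the thumbprint you received through a separate channel.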

 

*Note: if you have installed the MSFP update on your device, you may run into an issue where you get the error "Invalid SSL Cert".

What you will need to do is install a registry editor: PHM Registry Editor for Smartphone, https://www.phm.lu/products/Smartphone/RegEdit/

Please select the Smartphone download.

Then go to HKLM\Security\Policies\Policies\00001017
Change its value from 128 to 16.  I would recommend changing it back after you install the certs.

Detailed steps below:

  1. You will end up downloading a .CAB file. Save it to your desktop. Now you will have regedit.Stngr_ARM.CAB on your desktop.
  2. Either use ActiveSync, or copy regedit.Stngr_ARM.CAB to an SD card and then put the SD card in the device.
  3. Find File Manager and run regedit.Stngr_ARM.CAB from where you stored it.
  4. You've now installed PHM Registry Editor.
  5. Now go to Start, look in your programs for PHM Registry Editor, and run it.
  6. You will get a screen with HKEY_Classes etc. Choose HKEY_Local Machine.
  7. Follow the tree and choose Security, then choose Policies, then choose Policies again, and you should see a black screen.
  8. One of the soft keys will say Values. Click that and you will see a bunch of numbers.
  9. Select 00001017 and hit the center nav key to open the properties.
  10. Change the value from 128 to 16, then click Done.

Now you've set it so that you can install certs onto the device. Find the .cer file that you want to install in File Manager and just click on it, and it will ask you if you want to install it. You won't get the warning that you don't have permissions anymore.