| Adding a Root Certificate to a Motorola RAZR V3xx |
 Adding a Root Certificate to a Motorola RAZR V3xx
|
Jan. 2nd, 2008 @ 10:00 am 
|
|---|
Yesterday I covered how to set up a GoDaddy SSL Certificate to work with Firefox and Thunderbird without generating warnings, even through stunnel. So now, in theory, you have your email SSL protected. And you've hacked your phone a bit and are using the internal email client (Message Center - Email Msgs) that Cingular hides but Motorola builds into your RAZR variant. You've reconfigured your email to pick up using SSL from port 995. But now you get an Invalid Certificate warning every time you pick up or check email using the internal text-based client! (Which, super-savvy power users know, is the fastest way to get them. If you see that you want the full email, you can then log in using webmail to get it, but you don't have to bother for most messages.)
Here's how to address this.
But first get your tools ready. You will need OpenSSL, Christian Maas' XVI32, and a way to get files to and from your phone. I use P2kCommander for my RAZR editing. It's free, but I did send the author some money via PayPal. If you use it, I suggest you send him a few bucks too.
If you haven't done phone "mods" before, this may take a while to set up. You will probably need to register at Motorola to get the USB drivers, or this quick start guide may get you there quickly.
On the RAZR, Settings - Security - Certificate Mgmt - Root Certs will list all the current certificates. Odds are pretty good that the one you're using isn't there. It's a pretty small list. Even worse, there's no apparent way to add a certificate.
On the phone itself, the certificates live in:/a/mobile/certs/root/x509/ssl/
And there aren't very many of them. A quick look at one at random shows it to be in a slightly modified DER form (i.e. has some plaintext in it) rather than in SHA form, the modification being a 00 01 at the start. So at the very least we have to convert our certs.
Remembering that we downloaded the GoDaddy root earlier (yesterday's entry), we convert the PEM style to DER with:openssl x509 -in gd-class2-root.crt -inform pem -out godaddy_root.crt -outform der
GoDaddy has what they claim is a DER-format key available, but I couldn't get it parsing correctly, so converting a known-working key is easier.
(Note: I strongly suggest sticking with a RAZR-consistent name such as godaddy_root.crt because I've had some issues when using the more SSL/Unix names with hyphens rather than underscores. They may not be related, but why risk it?)
Next we put those two bytes we see in the stock certificate, into our new certificate. Using XVI32, load godaddy_root.crt and...
Edit - Insert String - Hex String, 00 01
File - Save Finally copy the file to: /a/mobile/certs/root/x509/ssl/ and reboot the phone. The new cert shows, in this particular case as, "(P)USThe Go D", with full name of "USThe Go Daddy Group, Inc.GoDaddy Class 2 Certification Authority". And now your RAZR won't warn you when you access a GoDaddy-certified site. |
|
|
| Top of Page |
Powered by LiveJournal.com |
![[info]](http://p-stat.livejournal.com/img/userinfo.gif){kind=small}
bloggit's journal