Notes : Adding SSL Certificates to a Motorola Slvr
Motorola provides no method of permanently accepting SSL certificates or documented method of adding certificate authorities to the phone. For many services, I cannot justify the expense of signed SSL certificates. Often, I'm one of very few users and am happy to install or manually accept such a certificate when needed. With my previous cellular telephones, particularly the Nokia 6600, adding certificates proved trivial. However, upon switching to a Cingular-branded Motorola Slvr L7, warnings of such self-signed certificates while accessing my email and web services seemed unavoidable. Alas, I have installed a new CA...
I am unsure whether it is possible to store server certificates on the Slvr, but it is certainly possible to install a new certificate authority such that all self-signed server certificates are accepted. While I have only tested with a Slvr, I suspect the same method may be used with any Motorola P2k phone. The certificate required is a variation of the x509 binary DER format. This may be easily created from an existing CA certificate using openssl and a hex editor, such a khexedit. Say one has a certificate authority certificate in PEM format, such as:-----BEGIN CERTIFICATE----- MIIEcDCCA1igAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCVVMx .... -----END CERTIFICATE-----This must first be converted to the binary DER format with:
openssl x509 -in ca.crt -inform pem -out ca-der.crt -outform derIf now installed to the phone, such a CA will not be recognized. Certificates signed with it will continue to prompt the user. Interestingly, all of the CA certificates installed to the phone have two bytes prepended to what otherwise appears to be a standard DER format certificate. Since this is a binary file, adding "0 1" in a hex editor creates a certificate that will work on the phone. Here are the first few bytes of my unmodified DER and modified DER certificates:
30 82 04 70 30 82 03 58 A0 03 02 01 02 02 01 00 *DER*
00 01 30 82 04 70 30 82 03 58 A0 03 02 01 02 02 01 00 *Slvr DER*
Finally, this certificate must be uploaded to the phone. I have used
moto4lin. All
certificate authorities are stored in
/a/mobile/certs/root/x509/ssl/
. Uploading ca-der.crt,
above, is all that is necessary. The certificate should now be listed
in phone's root certificates, available in the menu
Settings:Security:Certificate Mgmt:Root Certs.
Created: 01 May 2007
Last Modified: 17 Nov 2009
Last Modified: 17 Nov 2009