Notes : Adding SSL Certificates to a Motorola Slvr
Motorola provides no method of permanently accepting SSL certificates or documented method of adding certificate authorities to the phone. For many services, I cannot justify the expense of signed SSL certificates. Often, I'm one of very few users and am happy to install or manually accept such a certificate when needed. With my previous cellular telephones, particularly the Nokia 6600, adding certificates proved trivial. However, upon switching to a Cingular-branded Motorola Slvr L7, warnings of such self-signed certificates while accessing my email and web services seemed unavoidable. Alas, I have installed a new CA...I am unsure whether it is possible to store server certificates on the Slvr, but it is certainly possible to install a new certificate authority such that all self-signed server certificates are accepted. While I have only tested with a Slvr, I suspect the same method may be used with any Motorola P2k phone. The certificate required is a variation of the x509 binary DER format. This may be easily created from an existing CA certificate using openssl and a hex editor, such a khexedit. Say one has a certificate authority certificate in PEM format, such as:
-----BEGIN CERTIFICATE----- MIIEcDCCA1igAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMCVVMx .... -----END CERTIFICATE-----This must first be converted to the binary DER format with:
openssl x509 -in ca.crt -inform pem -out ca-der.crt -outform derIf now installed to the phone, such a CA will not be recognized. Certificates signed with it will continue to prompt the user. Interestingly, all of the CA certificates installed to the phone have two bytes prepended to what otherwise appears to be a standard DER format certificate. Since this is a binary file, adding "0 1" in a hex editor creates a certificate that will work on the phone. Here are the first few bytes of my unmodified DER and modified DER certificates:
Finally, this certificate must be uploaded to the phone. I have used moto4lin. All certificate authorities are stored in
30 82 04 70 30 82 03 58 A0 03 02 01 02 02 01 00 *DER* 00 01 30 82 04 70 30 82 03 58 A0 03 02 01 02 02 01 00 *Slvr DER*
/a/mobile/certs/root/x509/ssl/. Uploading ca-der.crt, above, is all that is necessary. The certificate should now be listed in phone's root certificates, available in the menu Settings:Security:Certificate Mgmt:Root Certs.
Last Modified: 17 Nov 2009