Search Discussions:
Showing results for 
Search instead for 
Do you mean 
Advanced Search...
Welcome to Nokia Support Discussions! Here you can share advice and tips with thousands of other Nokia users around the world in English. Many Nokia employees also follow and participate in the discussions, see our guidelines for more information. Everyone can search and read the discussions, but to post your own question or reply to others, simply sign in with your Nokia account. If this is your first time here, you can choose an alias to represent you. And if you don't have a Nokia account yet, please register.
Reply

Re: Nokia N96 WLAN / digital certificate PIN reque...

Counsellor
Posts: 184

Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)

I am experiencing what I believe to be a bug in fw 12.043 on this phone (also occured in v20 firmware on N95 8Gb)

Scenario
* Configure a wireless LAN connection that uses WPA-EAP (using digital certificates)
* configure any application (especially "always on") one to use this connection, ie configure an email account under "Messaging", set access point to this WLAN, and configure automatic retrival.
* Switch off phone
* leave coverage area of WLAN
* Turn on phone when out of WLAN coverage
* wander into coverage
* Observe that after a while phone will pop up request for module PIN which protects digital certificates
* leave phone alone, and observe that whilst this dialog is displayed excessive battery is consumed and phone becomes warm (CPU spin?)
* observe that after a few hours phone will be dead.

It appears the issue here is twofold
a) There is no way to disable the prompting for PIN code (certificate security module)
b) Whilst prompting for PIN some high-burn loop etc is occuring.

Impact: flat battery
Please use plain text.
Sage
Posts: 134

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)


07-Jan-2009 06:38 PM
planetf1 wrote:

a) There is no way to disable the prompting for PIN code (certificate security module)





Starting from S60 3rd Edition FP2 (N96, N79, N85 etc.) S60 Certificate Manager actually provides means to prevent certificate (private key) PIN code queries when utilizing user/client certificates e.g. in case of WLAN EAP authentication.

In order to prevent these private key storage PIN queries user/client certificate can be placed in to the "Phone Certificates" storage instead of "Personal Certificates".

In order to do that user/client certificate must be first installed in to the Personal Certificates (as you have done already) and then it can be moved to the "Phone Certificates" storage which stop prompting of the PIN code when given certificate/private key is being used for EAP authentications.

Go to Tools -> Settings -> General -> Security -> Certificate Management -> Personal Certificates and select Options -> "Move to Phone Certificates" for the user/client certificate configured for the WLAN EAP authentication usage.

Note that "Phone Certificates" option is not available on 3rd Edition FP1 (N95-8GB) but it should help you at least with the N96.
Please use plain text.
Counsellor
Posts: 184

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)

That is *exactly* what I needed. Didn't notice the "move" on options menu and had asked this question before/elsewhere/searched but didn't see this solution.

Since I upgraded from N95 to N96 I'm fine (my Son now has the N95, but doesn't need certs...)

Made the change and it works as expected

Thanks muchly!!
Please use plain text.
Sage
Posts: 134

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)


08-Jan-2009 10:31 AM
planetf1 wrote:
That is *exactly* what I needed. Didn't notice the "move" on options menu and had asked this question before/elsewhere/searched but didn't see this solution.

Since I upgraded from N95 to N96 I'm fine (my Son now has the N95, but doesn't need certs...)

Made the change and it works as expected

Thanks muchly!!




Your welcome, glad it helped!

By the way in addition to 3rd Edition FP2 onwards, also E66 and E71 are equipped with this option of utilizing "Phone Certificates", in case someone else is having similar needs with their E66/E71.
Please use plain text.
New Member
elkinsdl
Posts: 4

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)

I am having a similar issue, but my cert is located in Trusted Site Certificates after I save it.   There is no option to move it from there.  I am using an E72.

 

Thanks.

Please use plain text.
New Member
goosett
Posts: 1

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)

 


By the way in addition to 3rd Edition FP2 onwards, also E66 and E71 are equipped with this option of utilizing "Phone Certificates", in case someone else is having similar needs with their E66/E71.

 

Hi, saataja!I am using E71. And I have an option "Move to Phone certifs.". After asking to promt the Phone key store password, nothing happens. And my certificate is still located in "Personal Certificates".

Do you have any suggetions?

Thank you.

 

Please use plain text.
Sage
Posts: 134

Re: Nokia N96 WLAN / digital certificate PIN request issue (also on N95 8Gb)

 


goosett wrote:

 


By the way in addition to 3rd Edition FP2 onwards, also E66 and E71 are equipped with this option of utilizing "Phone Certificates", in case someone else is having similar needs with their E66/E71.

 

Hi, saataja!I am using E71. And I have an option "Move to Phone certifs.". After asking to promt the Phone key store password, nothing happens. And my certificate is still located in "Personal Certificates".

Do you have any suggetions?

Thank you.

 


 

That sounds weird, at least I haven't seen or heard that kind of problem before. 

 

I actually just tried this with my old E71 (ver. 500.21.009) and didn't have any problems moving my EAP-TLS client certificate back and forth between Personal Certificates and Phone Certificates.

 

I assume that the Personal Certificate have installed on the E71 is working otherwise fine (for EAP-TLS authentication) and only problem you have is getting it moved from Personal to Phone Certificates?

 

And when you attempt to move it, you entered the key store password correctly but certificate just doesn't get moved to Phone certificates?  There's no error message or anything when it does "nothing"?

 

Here's some suggestions to try out, but please note that this is just guessing some ideas that might help.

 

1.Try changing / resetting the key store password. Go to Tools -> Settings -> General -> Security -> Security Module -> Phone key store -> Module Pin -> and select/click on the "Phone key store code".  This should ask you to first enter the current key store password and then it ask you to enter the new password (enter new code twice to confirm).

 

Try moving your certificate from Personal Certificates to Phone Certificates and provide the "new" key store password you just changed.

 

2. Try removing and re-installing the particular Personal certificate.

 

First make sure that you still have a means to install this particular certificate again after you have removing it from the phone's certificate manager.

 

Then make sure that your phone is not currently using the WLAN connection where this particular Personal certificate is to be used. (go out of WLAN coverage or switch your phone to "Offline" profile and don't allow it to create WLAN connection in Offline mode if asked.

 

Then go to Tools -> Settings -> General -> Security -> Certificate Management -> Personal Certificates -> highlight your personal certificate  -> select Options -> Delete.  This should remove the certificate and it's private key from phone certificate storage.

 

Reboot the phone just in case. 

 

Re-install your Personal certificate and see if you can now move it to Phone Certificates (after it get's initially installed to Personal Certificates). 

 

After re-installing certificate(s) remember to check that your EAP settings are correctly defined and make sure that appropriate certificates are selected to as Personal and Authority Certificates. Removal of the personal cert. has probably reverted EAP settings specific Personal certificate selection to "None".

 

3. If nothing else helps and you are really eager to make this work, you could take a backup of your important phone content and try resetting your phone back to factory defaults (*#7370#).

 

If you plan on restoring previously backed up data to your phone, you should probably not restore the "settings" part of the backup because sometimes restoring old backed up settings (especially if restoring from older phone firmware versions) might have caused some problems. And restoring backup of your "current" settings after factory reset might also restore your problem of not being able to move your certificate.

 

That's about all I can think of, I hope you get it sorted out.

Please use plain text.