Sony Ericsson K800i Install Digital Certificate
Many of the phones in the Sony Ericsson range have good cameras and passable email. I recently wanted to combine the two so I could email photographs from the phone directly into my online photo album, which uses the open-source Gallery2 web application. I installed Gallery2's Add via Email plug-in and configured it to use IMAP4 to check a mailbox for emails with the subject "Cybershot Photo".
On the K800i I selected a photo and chose More > Send > As email. After completing the details and sending it, a few moments later the email client reported it failed to send:
TLS/SSL server certificate not authorized by known authority. Contact your email provider.
My email server has a self-signed SSL/TLS X509 certificate generated by openssl:
$ cd /etc/ssl $ openssl req -new -nodes -x509 -out certs/tjworld.pem -keyout private/tjworld.key -days 1000
The K800i has a few trusted public root Certificate Authority (CA) certificates installed but this doesn't help when using a self-signed certificate. This certificate needs to be installed on the Sony Ericsson phone by sending the file using Bluetooth. Of course, if using Microsoft Windows, it is possible to use the Sony Ericcson Phone Suite to send the file via USB (in Phone mode).
First, rename the certificate to have a .cer extension. The phone uses this as the clue that the file is a certificate and will ask if it is to be installed.
I've read that the X509 certificate should be in DER format but I thought I was using a PEM-formatted file. There is little difference between them - a PEM wraps a DER with text headers. For the avoidance of doubt on this crucial part, here's the beginning and ending fragments of the certificate I installed successfully:
-----BEGIN CERTIFICATE----- MIICuzCCAiSgAwIBAgIJAK9ScWc6vyHZMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYD VQQGEwJFUzESMBAGA1UECBMJQW5kYWx1Y2lhMQ8wDQYDVQQHEwZNYWxhZ2ExCzAJ ... ... r5BQWOKjG/PFLusdaSgLvuyoHxYaa7i3AU3CAWa68FdMgiFMzwV1EqhxFULfM8dp /vPkzd8PO7+kLPBctTWwqpSIvN9+iSexRgJeiQGeoA== -----END CERTIFICATE-----
Ensure the phone's Bluetooth is switched on. On the PC use the Obex file send utility. I use Blueman (GTK Bluetooth Manager) but there is also gnome-vfs-obexftp and other similar Bluetooth file-send utilities.
The obex utility asks which device to send to and then opens a file-chooser dialog. Select the certificate file and press Send. The phone asks for permission to receive the incoming item. Once accepted the phone reports:
Certificate received mail.tjworld.net
Inspect the certificate by pressing More. Press Continue and the phone asks:
mail.tjworld.net Save certificate?
Press Yes and the phone reports Certificate Saved.
To check the certificate do Settings > Security > Certificates > Trusted certificates. The new certificate will appear in the list.
Now it is possible to return to the email Outbox and send the held emails successfully.