Certificate error on Mobile

  • Question

  • I have successfully configured OCS 2007 Communication Server on Windows 2003 R2. But when I try to connect to the server via Mobile Communicator, it shows the error “cannot verify the certificate from the server.  Check your device's clock settings, or contact your system administrator”.

    ·         I installed a certificate on mobile (WM6) device.

    ·         My device clock is same as server clock.

    What should I do?

     

    Thanks,

    Adeel.

     

    Monday, December 10, 2007 12:57 PM

All replies

  •  

    What certificate have you installed on the phone? Have you installed a user cert or the root cert of the published certificate?

     

    Is the cert a private cert or public?

     

    Blackduke

    Thursday, December 13, 2007 11:26 PM
  •  

    On the Server tab in options, what are your settings? Mine are "Server FQDN":443 and connect using TLS.

     

    Blackduke

    Sunday, December 23, 2007 3:47 PM
  • This solved the problem:

     

    DisableCRLCheck

    If you continue to have problems installing the certificates or Communicator Mobile has problems verifying the certificates when you sign in, you can disable CRL (Certificate Revocation List) checking by using a registry editor or by installing a provisioning file when you install the client.

      Caution

    If you disable CRL checking, the device cannot verify the authenticity or certificate revocation status of the servers that you connect to. Connecting to unknown servers is a serious security risk.

    Use a registry editor to set the following registry key on your mobile device:

    [HKEY_CURRENT_USER\Software\Microsoft\Communicator\System Settings\DisableCRLCheck]

    "Enabled"=dword:00000001

     

    Monday, July 14, 2008 7:10 PM
  •  

    Hi, I'm currently having this same problem with the Communicator Mobile clients, but I don't know where I can access the registry to edit this setting on a Windows Mobile 6 phone.

    Please advise. Thanks!

     

    Monday, November 10, 2008 5:28 PM
  • Problem:

    Error:

    “Cannot verify the certificate from the server.  Check your device's clock settings, or contact your system administrator”.

     

    Solution:

    DisableCRLCheck

    If you continue to have problems installing the certificates or Communicator Mobile has problems verifying the certificates when you sign in, you can disable CRL (Certificate Revocation List) checking by using a registry editor or by installing a provisioning file when you install the client.

      Caution

    If you disable CRL checking, the device cannot verify the authenticity or certificate revocation status of the servers that you connect to. Connecting to unknown servers is a serious security risk.

    Use a registry editor to set the following registry key on your mobile device:

    [HKEY_CURRENT_USER\Software\Microsoft\Communicator\System Settings\DisableCRLCheck]

    "Enabled"=dword:00000001

     

    Resource:

    Use this software to Edit Mobile Registry:

     

    http://www.breaksoft.com/Blog/Utilities/2005/1/Mobile_Registry_Editor.aspx

     

    Monday, November 10, 2008 6:06 PM
  • I have this same problem as well. Sure, you can disable checking the CRL but why would you want to??? Does anyone know the real reason this is happening and how to correct it? Is it because the cert chain is from an internal PKI and the CRL isn't publicly available for the device to check?
    We will pay the price but we will not count the cost
    Monday, May 18, 2009 8:03 PM
  • We ran into the same problem with a client and one of the servers did not have the Intermediate Certificate installed.  Check your certs and the certificate chains.  That should resolve the problem.  It has nothing to do with time by the way.
    Tuesday, May 26, 2009 2:14 PM
  • Use a registry editor to set the following registry key on your mobile device:

    [HKEY_CURRENT_USER\Software\Microsoft\Communicator\System Settings\DisableCRLCheck]

    "Enabled"=dword:00000001


    So what if you don't have that key? I have one called "DisableCertCheck" in the same location, however I can't edit it nor add any to the registry as I get Access Denied error messages.
    Wednesday, June 3, 2009 7:47 PM
  • Just install your internal certificate Root/chain on the Mobile.

    /Jan
    Jan Petersen
    Thursday, June 4, 2009 8:27 AM
  • Yes, DisableCertCheck is the same as DisableCRLCheck as far as I can tell... I did test it and it did work.
    Friday, June 5, 2009 11:05 PM
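
The two causes raised in the replies above (a server that does not send its intermediate certificate, and a CRL the device cannot reach) can be reproduced offline. This is an added example, not code from the thread: it assumes the `openssl` command-line tool is installed and builds a constructed three-level PKI with made-up names (`demo-root`, `demo-inter`, `demo-leaf`); `openssl verify` stands in for the device's validation and is not Communicator Mobile's own logic.

```sh
#!/bin/sh
# Constructed throwaway PKI: root -> intermediate -> server leaf. All names are made up.
make_pki() (                                  # $1 = empty work directory
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" -out "$n.csr" \
      -subj "/CN=demo-$n" >/dev/null 2>&1 || exit 1
  done
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext -days 2 \
    -out root.pem >/dev/null 2>&1 || exit 1
  openssl x509 -req -in inter.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out inter.pem >/dev/null 2>&1 || exit 1
  openssl x509 -req -in leaf.csr -CA inter.pem -CAkey inter.key -CAcreateserial \
    -days 2 -out leaf.pem >/dev/null 2>&1
)

# Validate the leaf as a client that trusts only the root would.
# $1 = PKI directory; remaining args = extra "openssl verify" options.
# Prints "ok", or the reason openssl gives for rejecting the chain.
check_leaf() {
  dir=$1; shift
  out=$(openssl verify -CAfile "$dir/root.pem" "$@" "$dir/leaf.pem" 2>&1) || true
  case $out in
    *": OK"*) echo ok ;;
    *) printf '%s\n' "$out" |
         sed -n 's/^error [0-9][0-9]* at [0-9][0-9]* depth lookup: *//p' | sed 1q ;;
  esac
}

work=$(mktemp -d) && make_pki "$work" || { echo "openssl setup failed" >&2; exit 1; }
# 1. Server presents only its own certificate (intermediate missing).
echo "leaf only:                 $(check_leaf "$work")"
# 2. Server also presents the intermediate (-untrusted = certs sent by the peer).
echo "leaf + intermediate:       $(check_leaf "$work" -untrusted "$work/inter.pem")"
# 3. Chain complete, revocation checking on, but no CRL can be obtained.
echo "chain ok, CRL unreachable: $(check_leaf "$work" -untrusted "$work/inter.pem" -crl_check)"
rm -rf "$work"
```

Case 1 is fixed on the server by installing the intermediate certificate; case 3 is fixed by publishing the CRL where the device can fetch it, which keeps revocation checking on.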