Why does my Palm OS device not recognize my secure certificate as valid?
Tell us what you think!
Looking for Product Support?
Palm devices cannot communicate with servers that have SSL certificates installed that use the new UTF-8 industry standard format.
The RFC industry standard requires that secure certificates be issued using the UTF-8 format.
The Palm Operating System is using the "printablestring" format that preceded the current UTF-8 industry standard.
NOTE: For more information about the printablestring format, see http://en.wikipedia.org/wiki/PrintableString.
If You Require a Printablestring Encoded Certificate for Your Palm Device
Our issuing system issues a printablestring encoded certificate if the CSR was already printablestring encoded. Therefore, you need to create your CSR with software that defaults to printablestring encoding.
Palm OS owners who need a certificate in printablestring formatting may be able to create the proper printablestring CSR for submission to our system and receive a printablestring certificate using OpenSSL.
To Create a CSR in Printablestring Format using OpenSSL
- Open OpenSSL
- From the Start menu, select Run.
- Type cmd and click OK.
- Type c: and press Enter.
- Type cd \openssl\bin and press Enter where "openssl" is the directory where you chose to install OpenSSL.
- Using the command prompt, generate a private key:
- Enter a passphrase when prompted to.
- Type:openssl genrsa -des3 -out <name of your certificate>.key 2048
- Using command prompt request a CSR:
openssl req -new -key <name of your certificate>.key -out <name of your certificate>.csr
- Using command prompt check CSR format type (printablestring or UTF-8):
openssl req -noout -subject -nameopt show_type,sep_multiline -in csr.csr
- The output will tell you if its printablestring or UTF-8
O= UTF8STRING STRING:testprintstring
CN= UTF8STRING STRING:printablestring
- If the output is printablestring, submit the CSR for signing.
- After receiving your certificate, save it into the same openssl/bin directory as your CSR and using command prompt you can check the certificate format using:
openssl x509 -noout -subject -nameopt show_type,sep_multiline -in cert.crt
NOTE: If you need a .PFX file to install the printablestring formatted certificate onto a Windows server, you can use OpenSSL to convert the private key and certificate into a .PFX file.
Here are the OpenSSL docs for this process: http://www.openssl.org/docs/apps/pkcs12.html
NOTE: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.