Nokia E7 not working with Issuance Policies

When using a Nokia E7 to synchronize with your Exchange server, you might run into trouble if your certificates contain the Issuance Policies (Certificate Policies) extension.

Sniffing the traffic, I found that when trying to connect, the Nokia device sent a TLS Layer-1 Encrypted Alert (Hex 02 0A) and killed the TLS negotiation. Initially I was pretty sure I had made some mistake when I installed my root CA certificate on the device, but after double-checking that, I was still unable to get the TLS handshake to work.

After a few hours of troubleshooting, I found that the problem was that the certificate I used on my Exchange CAS server had an Issuance Policy referring to my CPS. In order for the Nokia E7 device to be able to consume any of my internal HTTPS sites, I needed to change the certificate template, remove the Issuance Policy extension, and renew the certificates used by my Exchange CAS and other internal websites.

After that, the Nokia E7 was able to synchronize and access other internal HTTPS sites.
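
To see which server certificates still carry the extension before and after reissuing, a check like the following can be run on the Exchange CAS or web server. This is an added example, not part of the original post: it assumes Windows PowerShell and the `Cert:\LocalMachine\My` store, and the function name `Get-IssuancePolicyCertificate` is hypothetical.

```powershell
# Added example: list certificates usable for server authentication that
# carry the Certificate Policies (issuance policies) extension.
$policyOid     = '2.5.29.32'           # certificatePolicies (RFC 5280)
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Get-IssuancePolicyCertificate {
    param(
        # Assumption: server certificates live in the machine's personal store.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }

        # A certificate without an EKU extension is not restricted to a
        # purpose, so it can also be bound to an HTTPS site.
        $isServerCert = (-not $ekuExt) -or
            ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $serverAuthOid })
        if (-not $isServerCert) { continue }

        $policyExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $policyOid }
        if (-not $policyExt) { continue }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            Critical   = $policyExt.Critical
            # Decoded policy identifiers and qualifiers (for example a CPS URL).
            Policies   = $policyExt.Format($false)
        }
    }
}

Get-IssuancePolicyCertificate | Format-List
```

An empty result after renewing from the changed template means no server certificate in that store still includes the extension.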
