Gmail POP SSL certs for Symbian / Nokia phones

Connecting to Gmail’s POP (POPS) server always caused a certificate warning on my Nokia E61 Symbian based phone. The solution is to add Google’s Gmail root SSL certificate to the phone. First check the SSL cert that gmail is advertising.

host1:~ kevin$ openssl s_client -connect -showcerts
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./
verify error:num=21:unable to verify the first certificate
verify return:1
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Server certificate
subject=/C=US/ST=California/L=Mountain View/O=Google Inc./
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
No client certificate CA names sent
SSL handshake has read 891 bytes and written 332 bytes
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Master-Key: B1AF3801F0742D2EDB52B010EA2497B3D2AA7D38D65313D57CA0BCD67C59C902938E9F274B09BE95026441F313688179
Key-Arg : None
Start Time: 1150697367
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)

From this we see the root certificate is from Equifax. This certificate can be found in common root cert bundles but is not shipped by default on Nokia/Synbian phones. For reference here’s the Equifax root certificate.


The next step is to convert the Equifax certs to a format Symbian will accet. Start with putting it in a .pem file.


Using openssl it can be converted to der format.

openssl x509 -outform DER -in equifax.pem -out equifax.der


The final step is to transfer these certificates to your phone. USB, IR, or Bluetooth will all work for this purpose. You’ll be prompted to add the certificate to your phone. Accepting this will permantly save the cert on your phone for future. Try connecting to gmail to ensure the certificate prompt/warning is no longer displayed.

ref ref2

Kevin Henrikson
Kevin Henrikson leads engineering for Microsoft Outlook iOS/Android. Previously, he co-founded Acompli and ran engineering prior to an acquisition by Microsoft in 2014 for $200M. Before Acompli, he was an Entrepreneur-in-Residence for Redpoint Ventures, a venture capital firm for early stage technology companies.

By Kevin Henrikson

Kevin Henrikson leads engineering for Microsoft Outlook iOS/Android. Previously, he co-founded Acompli and ran engineering prior to an acquisition by Microsoft in 2014 for $200M. Before Acompli, he was an Entrepreneur-in-Residence for Redpoint Ventures, a venture capital firm for early stage technology companies.

16 replies on “Gmail POP SSL certs for Symbian / Nokia phones”

Thanks for the information it worked wonderfully on my also new Nokia E61

A much easier way – open the browser and go to: – download the Gmail certificate (Equifax). Then you can go to Settings >Security > Certif. Management. Choose Equifax and then options > trust settings. Disable ‘online certif. check’

The problem with the certificate is to change the pop server to in stead of Keep the SMTP settings as they are. Thats all! At least for 6233

Ok, so I have all the settings downloaded the certificate (my e61 told me its already installed!?). Have and ssl 995 (that changes to port:standard sometimes, like others have it)…
my account name and user name
still i can not receive email, it simply keeps asking me for the password and user name three times and than tells me i got rejected hmmm…whats wrong?

oh and yes pop is enabled for all email on my gmail account..and works with my mail pop client on my mac

How can i install a certificate on my Samsung E250??? Ive downloaded the Gmail app on my phone. It opens up beautifully. I enter my login details. It then loads and then complains about a certificate error which prevents me from using the gmail app. NEEP HELP PLZ!!!

It is really unbeliavable that Nokia, Equifax and Google have put their users to such hassle and security risk.

Google as king of web could make a phonecall to Equifax people to setup a secure wap page to serve their certificates and Nokia themselves are putting their users to very significant risk to use such a weird way to install certificates. Nokia 9300 (series 80) could open .cer or x509 files and install them, Series 60 V3 which is years ahead requires some weird format…

Thanks for this great tip and people, you better contact Equifax to get a “der” root certificate rather than becoming ultra paranoid if you download it from third party.

my nokia 2760 is no longer downloading games and applications and i dont no why when i stop it it says unable to end shared connection

My nokia 6288 can not access my Gmail. It say that my certificates are invalid. What do I do?

When I download items with opera mini, my phone says it does not know how to place the download and thats after consuming my bundle. Someone help. Use a simple language please I do not understand those complex jargons.

wow! who would think my nokia 9300 would get revamped to a gmail pop reader? thanks to your certificate. the certificate manager ate it like it was a yummy icecream! thx!

thanks guys for all these post. my greatest problem of certificate prompt on 9300 has been solved simply by downloading a thawte CA cert. and change the pop server of my gmail tp google mail instead of gmail.

Hi i tried and it won;t work. I have a 6120 Classic and it still says that when i log on to gmail from the web broswer which is really bugging me. Please can someone help me, and tel me how to remove this. I have the equifax certificate alrdy on the fone my phone tells me when i try to install it!


Comments are closed.