Sony.yt - International Sony Forum

Hi all,

Does someone know how can I update the expired certificates like:
- Entrust.net Root
- Equifax Sec Cert Aut
- GlobalSign Root CA
- etc.

Thank you for your help in advance!

May i know what for you want to do that?

Hello Jurij,

these certificates has expired. I just guess it is important to keep update or else maybe some application will not works well.

Let me say it that way. Sony Ericsson C901 is a feature phone announced in... February 2009 year. 10 and half years ago. It was supported by Sony Ericsson till 2011 year and last firmware update is i suppose from that year. So since 8 years it's not supported at all, do not count for any firmware updates, certificate updates etc. All you can do is try to install some Opera mini java browser and use it (keep in mind, that internet has drastically changed over this past 10 years and web design has changed too and on obsolete java browser most of modern web pages may not be displayed properly) or use C901 as a feature phone for phone calls, texts, pictures and music + use smartphone for browsing internet. I'm still using Aino U10i as my daily phone + Xperia smartphones for internet  

I am doing same like you. I found updated certificate on the internet so I guessed it is maybe good to update as much certificate as I can, but after the installation the Gmail did not work on my phone so I deleted.

Is it possible to update the web browser which version is 3.4 to 3.5 like yours?

I know this phone is 10 years old. But I still like it.

Edited by potemkin, 24 September 2019 - 14:30.

C901 does not have wi-fi, so you are forced to use HSDPA / EDGE / GPRS data traffic to browse internet. I have wi-fi in Aino and i'm not using it at all, because it's pointless to use it in nowadays as all internet-releated stuff like e-mail, browser, communicators etc. are properly operated by Xperia devices. If you still want to browse internet using 3G network on your Sony Ericsson C901, all i can recommend to you is to download any latest Opera mini java browser and use it. That's frankly the best thing you can do.

Updating the certificates is mostly pointless, as web servers nowadays usually mandate a minimum for TLS 1.2 on clients, and old Sony Ericsson feature phones just don't support it. They won't allow non-encrypted connections now as well. Modern certificates also rely on incompatible modern ciphers like SHA-512, so they won't install anyway. Iif you dig deeply on the certificate provider websites, you may still find some legacy certificate versions, I did it for thawte and DigiCert at least, possibly converted with Thunderbird to the DER format which my feature phone understands.

Yet I'm mostly happy with Opera Mini, and have a backup solution by connecting to my VPS with MidpSSH (I also had to enable some legacy ciphers in the OpenSSH config on the server, as modern versions are not compatible with MidpSSH anymore by default). There, I open pages with elinks. elinks is capable of converting non-Latin characters to ASCII, which is especially neat. But an open SSH session consumes the battery really a lot.

If Opera Mini transcoders eventually go down, I'll think of some proxy solution; basic deciphering would help a lot, but ideally it should be a browser engine ran in cloud returning plain HTML dumps for the stock browser. Something akin to how brow.sh works.

Oh, and if you have troubles with installing some apps due to expired certificates, you may just temporarily unwind the date on the phone. It's a generic solution for any old phones.

 

Updating the certificates is mostly pointless, as web servers nowadays usually mandate a minimum for TLS 1.2 on clients, and old Sony Ericsson feature phones just don't support it. They won't allow non-encrypted connections now as well. Modern certificates also rely on incompatible modern ciphers like SHA-512, so they won't install anyway. Iif you dig deeply on the certificate provider websites, you may still find some legacy certificate versions, I did it for thawte and DigiCert at least, possibly converted with Thunderbird to the DER format which my feature phone understands.

Yet I'm mostly happy with Opera Mini, and have a backup solution by connecting to my VPS with MidpSSH (I also had to enable some legacy ciphers in the OpenSSH config on the server, as modern versions are not compatible with MidpSSH anymore by default). There, I open pages with elinks. elinks is capable of converting non-Latin characters to ASCII, which is especially neat. But an open SSH session consumes the battery really a lot.

If Opera Mini transcoders eventually go down, I'll think of some proxy solution; basic deciphering would help a lot, but ideally it should be a browser engine ran in cloud returning plain HTML dumps for the stock browser. Something akin to how brow.sh works.

Oh, and if you have troubles with installing some apps due to expired certificates, you may just temporarily unwind the date on the phone. It's a generic solution for any old phones.

 

Thnxx for the explanation