Connect to Gmail via SSL commands

From: http://kevinhenrikson.com/2006/06/18/gmail-pop-ssl-certs-for-symbian-nokia-phones/

We can check the SSL cert that Gmail is advertising via command line.
$ penssl s_client -connect pop.gmail.com:995 -showcerts

Loading 'screen' into random state - done

CONNECTED(00000768)

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com

verify error:num=27:certificate not trusted

verify return:1

depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com

verify error:num=21:unable to verify the first certificate

verify return:1

---

Certificate chain

 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com

   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

-----BEGIN CERTIFICATE-----

MIIC3TCCAkagAwIBAgIDCDijMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT

MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0

aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcxMDI1MTc1MzE2WhcNMDkxMjI0MTg1MzE2

WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN

TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xFjAUBgNVBAMTDXBv

cC5nbWFpbC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAO03QxerFKZV

8yeomuL4zSl8Pr7hMWnKMMgp/CwhwadeBmL0LQHHbjL/6z/Z59ZQvrztqkwhchA2

APKzUwRVTyn7Shx6vBqk6oFmTqoOLmY6hbq6l8uVdUv0AfbHwio8CnLpK2+nbuFl

flPwx1DH0E3grD8+CrH5SmScfTWbDkcXAgMBAAGjga4wgaswDgYDVR0PAQH/BAQD

AgTwMB0GA1UdDgQWBBTJRG/OFpZt+BV43JM3NshHMjpwazA6BgNVHR8EMzAxMC+g

LaArhilodHRwOi8vY3JsLmdlb3RydXN0LmNvbS9jcmxzL3NlY3VyZWNhLmNybDAf

BgNVHSMEGDAWgBRI5mj5K9KylddH2CMgEE8zmJCf1DAdBgNVHSUEFjAUBggrBgEF

BQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQEFBQADgYEAOKr3mhxtwFCS3J6lbeaf

3KrHKi935BZkI75sRbON+hog0t2ovcM2i7fxs3xneH8USLsHgfxNBj9tkMogMK/K

sO/NUVZ/IfyqcNNkp2619qTQXthKRH42JKpAKgNhT1bdno3pxn+eDEpqmU3CE7IP

HDCjWOK1fGkZ/yFAuTxuxAc=

-----END CERTIFICATE-----

---

Server certificate

subject=/C=US/ST=California/L=Mountain View/O=Google Inc./CN=pop.gmail.com

issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

---

No client certificate CA names sent

---

SSL handshake has read 883 bytes and written 306 bytes

---

New, TLSv1/SSLv3, Cipher is RC4-MD5

Server public key is 1024 bit

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1

    Cipher    : RC4-MD5

    Session-ID: E2BDEF22495DDFDE21B9B47101C2E38205A032E5E1353AFF4268CFB250DFDA5F



    Session-ID-ctx:

    Master-Key: 2A8979F3F3D34744ABE64E897AF76B7123A1A0535B807604B6DB21E846BF84A3

DA20D9A46AECDEE35F7C780DF0FB4EA4

    Key-Arg   : None

    Start Time: 1220345433

    Timeout   : 300 (sec)

    Verify return code: 21 (unable to verify the first certificate)

---

+OK Gpop ready for requests from 122.200.68.230 m27pf3798629pof.11

From this we see the root certificate is from Equifax. This certificate can be found in common root cert bundles. For reference here’s the Equifax root certificate.

-----BEGIN CERTIFICATE-----

MIIDIDCCAomgAwIBAgIENd70zzANBgkqhkiG9w0BAQUFADBOMQswCQYDVQQGEwJV

UzEQMA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2Vy

dGlmaWNhdGUgQXV0aG9yaXR5MB4XDTk4MDgyMjE2NDE1MVoXDTE4MDgyMjE2NDE1

MVowTjELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0VxdWlmYXgxLTArBgNVBAsTJEVx

dWlmYXggU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eTCBnzANBgkqhkiG9w0B

AQEFAAOBjQAwgYkCgYEAwV2xWGcIYu6gmi0fCG2RFGiYCh7+2gRvE4RiIcPRfM6f

BeC4AfBONOziipUEZKzxa1NfBbPLZ4C/QgKO/t0BCezhABRP/PvwDN1Dulsr4R+A

cJkVV5MW8Q+XarfCaCMczE1ZMKxRHjuvK9buY0V7xdlfUNLjUA86iOe/FP3gx7kC

AwEAAaOCAQkwggEFMHAGA1UdHwRpMGcwZaBjoGGkXzBdMQswCQYDVQQGEwJVUzEQ

MA4GA1UEChMHRXF1aWZheDEtMCsGA1UECxMkRXF1aWZheCBTZWN1cmUgQ2VydGlm

aWNhdGUgQXV0aG9yaXR5MQ0wCwYDVQQDEwRDUkwxMBoGA1UdEAQTMBGBDzIwMTgw

ODIyMTY0MTUxWjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUSOZo+SvSspXXR9gj

IBBPM5iQn9QwHQYDVR0OBBYEFEjmaPkr0rKV10fYIyAQTzOYkJ/UMAwGA1UdEwQF

MAMBAf8wGgYJKoZIhvZ9B0EABA0wCxsFVjMuMGMDAgbAMA0GCSqGSIb3DQEBBQUA

A4GBAFjOKer89961zgK5F7WF0bnj4JXMJTENAKaSbn+2kmOeUJXRmm/kEd5jhW6Y

7qj/WsjTVbJmcVfewCHrPSqnI0kBBIZCe/zuf6IWUrVnZ9NA2zsmWLIodz2uFHdh

1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4

-----END CERTIFICATE-----

We can copy the above text into a text file, and save the file as "equifax.pem". The next step, convert it to a der format using open ssl.

$openssl x509 -outform DER -in equifax.pem -out equifax.der

The final step is to transfer these certificates to your phone. USB, IR, or Bluetooth will all work for this purpose.