![]() |
cacert on N950 in OpenMode and MfE
Hey Community,
recently I discovered a N950 in my employers device archive. Now I'd like to use this awesome device daily to replace my not so good WindowsPhone. I've already been capable of bringing the N950 into Openmode. I've got two Questions: 1) How to install custom CA's (cacert.org) 2) How to enable Mail for Exchange (Question might depend on Q1) Ok, let's talk about more details: I fail when trying to install new Root-Certificates (those of cacert.org) When downloading and installing the certificate, I can see the certificate and it is added in the certificatemanager, but the /var/log/syslog says: Code:
certificate_install: aegis_storage.cpp(1935): ERROR commit: access denied, cannot commit '/var/lib/aegis/ps/Ss/certman.ssl-ca' I use cacert to secure my Mail, Calender and Contacts which are "hosted" with horde and can be accessed with ActiveSync.(Exchange) Unfortunately I'm not able to connect to the "Exchange" Server with Mail-For-Exchange. We could connect successfully with a N900 (with and without cacert certificates), Windows Phone and Android devices, so the server should not be the Problem. MFE reports "Invalid host address for Mail for Exchange Server". Code:
Jan 19 19:37:46 (2016) mfeplugin[2461]: [Debug] Connecting to URL: "https://xxxxxxxxxxxxx:443/Microsoft-Server-ActiveSync" What I already tried:
But, as of now: no success Do you have any ideas how to get this working? Best Regards xelo ========= Solution: Certificates: 1. Additional certificates can be Installed with Code:
acmcli -c common-ca -a sha1HashOfPemEncodedCertificate.pem Code:
/var/lib/aegis/certs/common-ca/ If neither develsh was elevated nor the device uses inception and ariadne, you will receive a Code:
permission denied Not found yet (2016-01-24) |
Re: cacert on N950 in OpenMode and MfE
short answer:
using web "facilities" to insert certs did not work on N900 (nor do I expect on N9/50) copying certs manually to /var/lib/aegis/certs/common-ca will also not work I would go like: download cert in pem or convert into pem put it wherever you like and install it with /usr/bin/acmcli to common-ca (will need to dig for exact command...) possibly c_refhash (as you already found out) --edit you might do it in as root with devel-su AND possibly in "develsh" (giving some more rights), as I do not expect you to run that device in OpenMode? P.S.: what I do not understand on N9/50 is why we have /var/lib/aegis/certs (/common-ca) and also /etc/ssl/certs Both seem to have the same certs installed (with different hashes/links)? So possibly we need this here, too? |
Re: cacert on N950 in OpenMode and MfE
Thank's for your answer. I'll give it a shot later.
Quote:
Edit 1: I tried without success Code:
# acmcli -C aegis-certman-common-ca::CertCACommonAdd -lc common-ca -a 16b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1.pem Edit 2: So this happens in the log: Code:
Jan 20 21:02:57 (2016) acmcli: aegis_storage.cpp(1436): ERROR add_file: access denied Now created a "private" common-ca and removed it again, which worked... Code:
# /usr/bin/acmcli -p common-ca -a 16b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1.pem Edit 3: Installed Inception from openrepos. Code:
/usr/sbin/pasiv The log complained about a bunch of broken Certs Code:
Jan 20 21:46:26 (2016) acmcli: certman_main.cpp(184): ERROR Invalid certificate '/C=ES/L=C/ Muntaner 244 Barcelona/CN=Autoridad de Certificacion Firmaprofesional CIF A62634068/emailA Achieved Today: Added cacert Root |
Re: cacert on N950 in OpenMode and MfE
Quote:
:D |
Re: cacert on N950 in OpenMode and MfE
Quote:
|
Re: cacert on N950 in OpenMode and MfE
Okay, back to topic: Mail For Exchange.
I tried to add the account again. No success: MfE fails again with a "Invalid Host Address for Mail for Exchange Server". But It stopped complaining about the Missing/Invalid Certificates. Code:
Jan 20 21:54:33 (2016) mfeplugin[5404]: [Debug] virtual void MfeCheckCredentialsDialog::createContent() |
Re: cacert on N950 in OpenMode and MfE
Let MfE step back (need to power up my N950-in-use and have a look) and first get your certs done!
I gave you the hint already: devel-su develsh acmcli -c common-ca -e -a myCert.pem and Boom! :) After that check again. Please make a copy of /var/lib/aegis/certs/common-ca and /et/ssl/certs so you can diff them later. I have no idea if cert will be added to /etc/ssl/certs, too. |
Re: cacert on N950 in OpenMode and MfE
Powered on and ...
what are your settings in MfE account (obfuscate)? |
Re: cacert on N950 in OpenMode and MfE
Quote:
I gave this approach a shot. Code:
~ $ devel-su Code:
~ # accli -I Installing the Certificate with inception / ariadne works, as stated in Message #3 above. Code:
~ # ariadne acmcli -c common-ca -e -a /home/user/MyDocs/Downloads/16b5321bd4c7f3e0e68ef3bdd2b03aeeb23918d1.pem Quote:
Then I go to Manual Setup (Server does not support autodiscover) and add the HostName, Port 443 Code:
E-Mail: mail@domain.tld Code:
E-Mail: mail@domain.tld |
Re: cacert on N950 in OpenMode and MfE
1 Attachment(s)
Quote:
Attachment 38085 So, it synced without the root cert being on N900 at all. |
All times are GMT. The time now is 23:11. |
vBulletin® Version 3.8.8