Thread: Mail for Exchange (MfE). Blame me here, pls
View Single Post
juhanima is offline juhanima
2010-01-27 , 15:29
Posts: 11 | Thanked: 85 times | Joined on Jan 2010 @ Helsinki
#1025
Originally Posted by Rob1n View Post
Looks like wildcard certificates do work okay. The problem is that MfE is not following the certificate chain (which the server makes available). I have to extract & load the immediate parent CA certificate in order for MfE to work.
N900 contains a command-line tool called cmcli which you can try and use to debug this. Please try this at the terminal:

Code:
cmcli -T common-ca -v <your-server-dns-name-or-ip-address>:<port-number>
...for instance cmcli -T common-ca -v localhost:443. In your case the port number is probably something else than 443, though. Or if the chain of trust ends with a user-installed certificate and not in some of the 118 pre-installed ones, please try

Code:
cmcli -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>
The output should be something like this:

Code:
0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum
 trust chain(1):
   b5567d6c9eef05f07966d98eb2a85716bff4e80d Maemosec test CA
Verified OK
...or...

Code:
0115e5345e4dd64855ed1e3d44060be25f26c2e6 nixu-jum
 Verification failed: self signed certificate
...depending whether the verification fails or not. If cmcli succeeds in verifying the connection but MfE does not, this must be a bug and it would be highly appreciated if you filed one in bugs.maemo.org.

with best regards,
Juhani Mäkelä
Maemo Platform Security
 

The Following 4 Users Say Thank You to juhanima For This Useful Post: