Posts: 3,617 | Thanked: 2,412 times | Joined on Nov 2009 @ Cambridge, UK
#1321
Originally Posted by luh3418
I checked my folders and there was no directory /home/user/.activesync/certs so I created one. I looked in /home/user/.maemosec-certs/ssl-ca/ and there were no certs. Could only find certs in /etc/certs/common-ca as .pem files.

I tried a symlink from /etc/certs/common-ca to /home/user/.activesync/certs but this did not work.
That's because the underlying issue for this was fixed in PR1.1, so does absolutely nothing now.

Originally Posted by luh3418
I have tried importing the cert as a .p7b file and saving it in /home/user/.activesync/certs and this did not work.
That's presumably because the certificate is not a CA certificate. See http://wiki.maemo.org/Mail_For_Excha...rtbeat_and_FAQ for suggestions & debugging details.
 
Posts: 4 | Thanked: 0 times | Joined on Apr 2010
#1322
Hi, I'm currently facing another strange issue with Exchange 2007 and N900:

I'm using a certificate authority in my domain to generate a self-signed CA certificate.

Then I generate a new certificate for my Exchange 2007 server.
It's installed OK.
Then I export it from the IIS 6 server in PFX format, and I can import it on my N900 device (I show 2 certificates chained, the CA one and the WebServer (exchange2007/IIS) one).
I installed both, selecting E-Mail and Server; they are visible in the certificate manager.

I tested them following the steps here: http://wiki.maemo.org/Mail_For_Excha..._certificates:

cmcli -T common-ca -v <your-server-dns-name-or-ip-address>:<port-number>
issues an error "Verification failed : unable to get local issuer certificate"

which is logical, as this is a self-signed one.

then
cmcli -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>

replies something like this :

0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
Verified OK


and cmcli -T common-ca -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>

replies something like this :
0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
+-> 0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
Verified OK


But I'm currently unable to sync my Exchange 2007 account; I've got the same error from my device: "Either exchange server requires a secure connection or your account is disabled".


Am I doing something wrong?
 
Posts: 32 | Thanked: 3 times | Joined on Apr 2010
#1323
Originally Posted by Rob1n
That's because the underlying issue for this was fixed in PR1.1, so does absolutely nothing now.



That's presumably because the certificate is not a CA certificate. See http://wiki.maemo.org/Mail_For_Excha...rtbeat_and_FAQ for suggestions & debugging details.
Thanks. Yes you are quite right it is not a CA cert :-(

I tried debugging but could not work out:
a- how to find which .pem file I was looking for. Looked at the SHA numbers etc and could not see a match
b- even if 'a' no idea what to edit the file to say.

Will this all be a non issue with pr.1.2?

Again thanks for your advice here, much appreciated.
 
Posts: 3,617 | Thanked: 2,412 times | Joined on Nov 2009 @ Cambridge, UK
#1324
Originally Posted by luh3418
Thanks. Yes you are quite right it is not a CA cert :-(

I tried debugging but could not work out:
a- how to find which .pem file I was looking for. Looked at the SHA numbers etc and could not see a match
b- even if 'a' no idea what to edit the file to say.
You can't edit the files - they're encrypted & signed to prevent that. If it's a self-signed certificate then you'll need to get a new one made with the CA flag set. If it's not a self-signed certificate then you'll need to load the certificate for the issuing CA instead.

Originally Posted by luh3418
Will this all be a non issue with pr.1.2?
I've not heard of any changes to this in PR1.2.
 
Posts: 32 | Thanked: 3 times | Joined on Apr 2010
#1325
Originally Posted by Rob1n
You can't edit the files - they're encrypted & signed to prevent that. If it's a self-signed certificate then you'll need to get a new one made with the CA flag set. If it's not a self-signed certificate then you'll need to load the certificate for the issuing CA instead.


I've not heard of any changes to this in PR1.2.
Re PR1.2 see "6582 exchange sync cant handle certificate exceptions" http://dailymobile.se/2010/03/28/nok...e-coming-soon/

Re my certificate problem: I saved the certificate as a p7b then emailed it to my N900 and opened it in certificate manager. All good. It is not self signed. The issuing CA is Equifax and it is issued to "*sol.net.au"

How then do I "load the certificate for the issuing CA instead"?

After opening it in certificate manager when I look at all my certificates in Settings > Certificate Manager it is not there.


Sorry for dullardedness but SSL is not my forte.

Last edited by luh3418; 2010-04-19 at 07:53.
 
Posts: 3,617 | Thanked: 2,412 times | Joined on Nov 2009 @ Cambridge, UK
#1326
Originally Posted by luh3418
Re my certificate problem: I saved the certificate as a p7b then emailed it to my N900 and opened it in certificate manager. All good. It is not self signed. The issuing CA is Equifax and it is issued to "*sol.net.au"

How then do I "load the certificate for the issuing CA instead"?

After opening it in certificate manager when I look at all my certificates in Settings > Certificate Manager it is not there.

Sorry for dullardedness but SSL is not my forte.
There's several ways to do this. The easiest is probably to use Firefox on your desktop - open the URL you use for MfE. Click in the URL bar (on the left hand side, where it gives the domain for the SSL certificate). It should pop up a window detailing the security status - click on the "More Information" button, then click on the "View Certificate" button. Go to the details tab - it should show the certificate hierarchy. You can then select any of the certificates in the hierarchy and export them to PEM files (which can then be loaded on the N900).

You can do the same thing with IE if you prefer that (in IE7, you click on the padlock to the right of the URL bar to get to the certificates, not sure about IE8 though).
 
Posts: 32 | Thanked: 3 times | Joined on Apr 2010
#1327
Originally Posted by Rob1n
There's several ways to do this. The easiest is probably to use Firefox on your desktop - open the URL you use for MfE. Click in the URL bar (on the left hand side, where it gives the domain for the SSL certificate). It should pop up a window detailing the security status - click on the "More Information" button, then click on the "View Certificate" button. Go to the details tab - it should show the certificate hierarchy. You can then select any of the certificates in the hierarchy and export them to PEM files (which can then be loaded on the N900).

You can do the same thing with IE if you prefer that (in IE7, you click on the padlock to the right of the URL bar to get to the certificates, not sure about IE8 though).
Thanks again your patience is appreciated. I found the cert hierarchy as you explained and actually imported and converted all 2 certificates. One was the same as before and did not load in the certificate manager but was read. The other one loaded and I saved it for server email etc but when I tried to install credentials for Mfe I still get the invalid server message :-(

I had a look in firefox certificate manager and in "other" tab I found a certificate that was from Equifax to the exchange/zimbra server. I imported it converted to p7b and then when I tried to load it in n900 cert manager it said the certificate date was invalid/ expired which indeed it was.

Could that be the right certificate and the problem? I recall in firefox the first time I had to validate that cert it asked me if I would ignore the expiry date. Could n900 manager not be able to do this perhaps? I have asked our IT people to issue a new unexpired certificate.
 
Posts: 22 | Thanked: 53 times | Joined on Apr 2010 @ Amsterdam
#1328
Hi,

Got my n900 since a couple of days, and activated exchange 'successfully' for google mail, calendar and contacts. Until, the Inbox couldn't be fetched.

So I removed the account, in order to recreate it. But when trying to reach the Mail for Exchange wizard, through the settings menu, the menu entry is displayed for 2 seconds, and then disappears.......

Enabled logging with instructions found on http://wiki.maemo.org/Mail_For_Excha...the_logging_ON, but no success.

Also found out that real sync with google calendar and contacts isn't possible yet, so I want to use the NuevaSync service. But for this service I also need to reach the menu entry.

Hope someone can help me with this?

thanks
 
Posts: 32 | Thanked: 3 times | Joined on Apr 2010
#1329
Originally Posted by luh3418
Thanks again your patience is appreciated. I found the cert hierarchy as you explained and actually imported and converted all 2 certificates. One was the same as before and did not load in the certificate manager but was read. The other one loaded and I saved it for server email etc but when I tried to install credentials for Mfe I still get the invalid server message :-(

I had a look in firefox certificate manager and in "other" tab I found a certificate that was from Equifax to the exchange/zimbra server. I imported it converted to p7b and then when I tried to load it in n900 cert manager it said the certificate date was invalid/ expired which indeed it was.

Could that be the right certificate and the problem? I recall in firefox the first time I had to validate that cert it asked me if I would ignore the expiry date. Could n900 manager not be able to do this perhaps? I have asked our IT people to issue a new unexpired certificate.
It was the "other" server. Have it working now. Thanks for your help.
 
Posts: 4 | Thanked: 0 times | Joined on Apr 2010
#1330
Originally Posted by RoRoD
Hi, I'm currently facing another strange issue with Exchange 2007 and N900:

I'm using a certificate authority in my domain to generate a self-signed CA certificate.

Then I generate a new certificate for my Exchange 2007 server.
It's installed OK.
Then I export it from the IIS 6 server in PFX format, and I can import it on my N900 device (I show 2 certificates chained, the CA one and the WebServer (exchange2007/IIS) one).
I installed both, selecting E-Mail and Server; they are visible in the certificate manager.

I tested them following the steps here: http://wiki.maemo.org/Mail_For_Excha..._certificates:

cmcli -T common-ca -v <your-server-dns-name-or-ip-address>:<port-number>
issues an error "Verification failed : unable to get local issuer certificate"

which is logical, as this is a self-signed one.

then
cmcli -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>

replies something like this :

0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
Verified OK


and cmcli -T common-ca -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>

replies something like this :
0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
+-> 0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
Verified OK


But I'm currently unable to sync my Exchange 2007 account; I've got the same error from my device: "Either exchange server requires a secure connection or your account is disabled".


Am I doing something wrong?

I've enabled logging; here's the log file. If someone can help, I'll appreciate it.

Thanks!
Code:
Apr 20 16:56:07 Nokia-N900-51-1 [1427]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low
Apr 20 17:00:19 Nokia-N900-51-1 [1018]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low
Apr 20 17:01:13 Nokia-N900-51-1 [1385]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low
Apr 20 17:01:25 Nokia-N900-51-1 activesync[1405]: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 4 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 0 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgConnExchangeServer
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 5 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgCredUsername
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 6 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgCredEncryptedPassword
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 5 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: SyncScheduler: cannot get CfgCredUsername
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 0 in account ActiveSyncAccount1. Error 5
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgConnExchangeServer
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: SyncScheduler: Cancel all actions
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: ASDAEMON Version: 'as-daemon (0.0.2-28+0m5) unstable; urgency=low' starting
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: GLIB DEBUG ConIc - con_ic_connection_send_event(0x18c810, a0feb19a-003f-494c-bb6e-bbcc8186cc3d, WLAN_INFRA, 0)
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: ICListener: IAP 'a0feb19a-003f-494c-bb6e-bbcc8186cc3d' with bearer 'WLAN_INFRA': connected; count 1
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: StoreProxyImpl::getContactVersion not ready to get version, folderId=
Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6
Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6
Apr 20 17:02:21 Nokia-N900-51-1 activesync[1405]: AS-LIB: Version: libas-protocol (0.0.2-28+0m5) unstable; urgency=low
Apr 20 17:03:52 Nokia-N900-51-1 activesync[1405]: HTTP STATUS: 400
Apr 20 17:03:52 Nokia-N900-51-1 activesync[1405]: AS-LIB: Received HTTP response 400. Factory not created
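
Added example (not part of the original post, and not the Mail for Exchange project's code): a Python triage of log lines like those posted above, separating name-resolution, TLS/certificate, HTTP and configuration failures so that a certificate problem is only pursued when the log actually records one. It assumes the number after "cURL errorcode =" is libcurl's CURLcode; the function names and category labels are made up for this example.

```python
import re
from collections import Counter

# Lines copied from the log posted above (a subset, not the full log).
SAMPLE_LOG = """\
Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgConnExchangeServer
Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6
Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6
Apr 20 17:03:52 Nokia-N900-51-1 activesync[1405]: HTTP STATUS: 400
"""

# Assumption: the daemon logs libcurl's own CURLcode. Only a few codes are mapped.
CURL_CODES = {
    6: ("dns", "could not resolve host"),
    7: ("network", "could not connect to host"),
    35: ("tls", "SSL/TLS handshake failed"),
    60: ("tls", "peer certificate not verifiable with known CAs"),
}

PATTERNS = [
    ("curl", re.compile(r"cURL errorcode = (\d+)")),
    ("http", re.compile(r"HTTP STATUS: (\d{3})")),
    ("config", re.compile(r"cannot get (Cfg\w+)")),
]

def triage(log_text):
    """Return a Counter of (category, detail) findings for an activesync log."""
    findings = Counter()
    for line in log_text.splitlines():
        for kind, pattern in PATTERNS:
            m = pattern.search(line)
            if not m:
                continue
            if kind == "curl":
                cat, text = CURL_CODES.get(int(m.group(1)), ("unknown", "unmapped code"))
                findings[(cat, f"cURL {m.group(1)}: {text}")] += 1
            elif kind == "http":
                cat = "http-client-error" if m.group(1).startswith("4") else "http"
                findings[(cat, f"HTTP {m.group(1)}")] += 1
            else:
                findings[("config", m.group(1))] += 1
    return findings

def has_tls_failure(findings):
    """True only if a logged cURL code points at TLS or certificate checks."""
    return any(cat == "tls" for cat, _ in findings)

if __name__ == "__main__":
    print(sorted(triage(SAMPLE_LOG).items()), has_tls_failure(triage(SAMPLE_LOG)))
```

On the sample lines this reports two name-resolution failures, one HTTP 400 and one unreadable configuration value, and no TLS-class cURL code.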
 