Active Topics
-
Sailfish OS for the Motorola Moto G7 Power (XT1955-5) - (ocean) (4)
to SailfishOS by Maemish - 5 hrs, 17 mins ago -
The N900 is now 15 years old! (6)
to Nokia N900 by Macros - 2 days, 1 hr ago -
F(x)tec Pro1x (QWERTY) for sale (0)
to Buy & Sell by aln00000 - 2 days, 14 hrs ago -
n770 youtube video (0)
to General by nmdv - 6 days, 13 hrs ago - more...
|
2017-02-05
, 15:03
|
|
Posts: 2,154 |
Thanked: 8,464 times |
Joined on May 2010
|
#242
|
Anyway, on Ubuntu 12.04 verification to supl.nokia.com:7275 pass:
On Debian 8 too:
So... it is really problem with certificates?
Code:
$ openssl s_client -connect supl.nokia.com:7275 -CAfile /etc/ssl/certs/ca-certificates.crt
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = NL, ST = Noord-Brabant, L = Veldhoven, O = HERE Global BV, CN = supl.nokia.com
verify return:1
---
Certificate chain
0 s:/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIQNUQLMS6rnzbNIfXt19aBADANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDIxODAwMDAwMFoX
DTE3MDUxNTIzNTk1OVowazELMAkGA1UEBhMCTkwxFjAUBgNVBAgMDU5vb3JkLUJy
YWJhbnQxEjAQBgNVBAcMCVZlbGRob3ZlbjEXMBUGA1UECgwOSEVSRSBHbG9iYWwg
QlYxFzAVBgNVBAMMDnN1cGwubm9raWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA34Z7l6qHrxge+eW/C8lNffowlsi/HKqWNRqsmV0g09unZ3Zp
ptEXOvsHsZVshMUsL3h2OBQqPRM0Wkd9Ol9+ZKi5JZinxZg1AcJ407bJ7MA5W9aE
XAWLGnZ7f+FaLpuZW34DuN8M3yk6e6BlEiSAfHPpzOd1GoMBYD/MiLzDmwE9GpAY
pLxCc+pxiG2aqHydVvMKnYnB5Xyx2D1Ke8LJHVqMg+OqINeXqGNlDXDS9yReK+vS
8Hzy2abxF5O8/emWFle5vWCAvbAHs76MeZGyUkWeVxFAwdzq9XAxYmhuPOnxq50f
Fk5fWwIoZUkIsLjQwafIjEg45s+LNPd0ct9xAQIDAQABo4IC5jCCAuIwGQYDVR0R
BBIwEIIOc3VwbC5ub2tpYS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EM
AQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsG
AQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9g
z2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5z
eW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0
cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNv
bS9zcy5jcnQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuB
rYFocH4ujp0B1VyIjT0RxM227L7MAAABUvXU0HQAAAQDAEcwRQIhALnrb8gmpKob
6WD6R2NfNUDdxmEry6PbLdAgrYxoxd7YAiAq5oaIjTWuS7VvGOl7aSfxLxXKoX/H
afFyFY759kv4RQB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB
UvXU0LUAAAQDAEgwRgIhAIcx1pylH31cUgbUvXDu/Ue5DJwx2P187DQmxnPQIUmz
AiEA7oNhaU1u9jf27FbMQAAnpMuNV1MNy1XCLNUyr9vmTQEAdgBo9pj4H2SCvjqM
7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVL11NCOAAAEAwBHMEUCIQCKc7VKuFgM
RW3bUVUFZNlBxAh7GBZmK5MDQSe4twwewwIgPbZiWohxrz2KmebNq2aXBL6hZL4Q
uDFi2mjHrB5Ddp0wDQYJKoZIhvcNAQELBQADggEBAAskbpaa0lzIpXoYRqemUzsd
SWnzfTEIanTIpuXUUfYdtKvcPlJ496f+W9eR2nNv0W3+iNIdYUZ9Kua0v6iOw+s/
kL81zFBlDELXRjzVmMr5z0qC3i61aCAwhpWwQcp9PtrnSObxCs0I41oUoQt47H+L
KJfIQQCPxHRNC0Szv6Q61vXbrGRiGOIlZKGXfWGTY4mtzrQoWezkL62uU1LCp2RM
yIu3hgHTT8rJEAnPrgsZtK34gteKhjrVQwBFki0ewUZoC2/wyxCUYRiEVl+St1Rv
Gi2Cz9WI6B5oycD+qMkWfjl4nMw3tREPxTX1mAQE9cvh5j+8b1cjEV+rUCwhxyA=
-----END CERTIFICATE-----
subject=/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
---
SSL handshake has read 5304 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: FA31BE7E16B88AA4065D88CF78256C136596EFEA30667A7773FD7AF6403A4DE1
Session-ID-ctx:
Master-Key: 11D4F52DEA6E4324BD9276717F90F26FE76AE54F8FE65732244C22E080D11BFF537884DE502187F91FEA23580261842B
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1486306871
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
Code:
$ openssl s_client -connect supl.nokia.com:7275 -CAfile /etc/ssl/certs/ca-certificates.crt
CONNECTED(00000003)
depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = NL, ST = Noord-Brabant, L = Veldhoven, O = HERE Global BV, CN = supl.nokia.com
verify return:1
---
Certificate chain
0 s:/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com
i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGWzCCBUOgAwIBAgIQNUQLMS6rnzbNIfXt19aBADANBgkqhkiG9w0BAQsFADB+
MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd
BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj
IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDIxODAwMDAwMFoX
DTE3MDUxNTIzNTk1OVowazELMAkGA1UEBhMCTkwxFjAUBgNVBAgMDU5vb3JkLUJy
YWJhbnQxEjAQBgNVBAcMCVZlbGRob3ZlbjEXMBUGA1UECgwOSEVSRSBHbG9iYWwg
QlYxFzAVBgNVBAMMDnN1cGwubm9raWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA34Z7l6qHrxge+eW/C8lNffowlsi/HKqWNRqsmV0g09unZ3Zp
ptEXOvsHsZVshMUsL3h2OBQqPRM0Wkd9Ol9+ZKi5JZinxZg1AcJ407bJ7MA5W9aE
XAWLGnZ7f+FaLpuZW34DuN8M3yk6e6BlEiSAfHPpzOd1GoMBYD/MiLzDmwE9GpAY
pLxCc+pxiG2aqHydVvMKnYnB5Xyx2D1Ke8LJHVqMg+OqINeXqGNlDXDS9yReK+vS
8Hzy2abxF5O8/emWFle5vWCAvbAHs76MeZGyUkWeVxFAwdzq9XAxYmhuPOnxq50f
Fk5fWwIoZUkIsLjQwafIjEg45s+LNPd0ct9xAQIDAQABo4IC5jCCAuIwGQYDVR0R
BBIwEIIOc3VwbC5ub2tpYS5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMGEGA1UdIARaMFgwVgYGZ4EM
AQICMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5zeW1jYi5jb20vY3BzMCUGCCsG
AQUFBwICMBkaF2h0dHBzOi8vZC5zeW1jYi5jb20vcnBhMB8GA1UdIwQYMBaAFF9g
z2GQVd+EQxSKYCqy9Xr0QxjvMCsGA1UdHwQkMCIwIKAeoByGGmh0dHA6Ly9zcy5z
eW1jYi5jb20vc3MuY3JsMFcGCCsGAQUFBwEBBEswSTAfBggrBgEFBQcwAYYTaHR0
cDovL3NzLnN5bWNkLmNvbTAmBggrBgEFBQcwAoYaaHR0cDovL3NzLnN5bWNiLmNv
bS9zcy5jcnQwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB2AN3rHSt6DU+mIIuB
rYFocH4ujp0B1VyIjT0RxM227L7MAAABUvXU0HQAAAQDAEcwRQIhALnrb8gmpKob
6WD6R2NfNUDdxmEry6PbLdAgrYxoxd7YAiAq5oaIjTWuS7VvGOl7aSfxLxXKoX/H
afFyFY759kv4RQB3AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAAB
UvXU0LUAAAQDAEgwRgIhAIcx1pylH31cUgbUvXDu/Ue5DJwx2P187DQmxnPQIUmz
AiEA7oNhaU1u9jf27FbMQAAnpMuNV1MNy1XCLNUyr9vmTQEAdgBo9pj4H2SCvjqM
7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAVL11NCOAAAEAwBHMEUCIQCKc7VKuFgM
RW3bUVUFZNlBxAh7GBZmK5MDQSe4twwewwIgPbZiWohxrz2KmebNq2aXBL6hZL4Q
uDFi2mjHrB5Ddp0wDQYJKoZIhvcNAQELBQADggEBAAskbpaa0lzIpXoYRqemUzsd
SWnzfTEIanTIpuXUUfYdtKvcPlJ496f+W9eR2nNv0W3+iNIdYUZ9Kua0v6iOw+s/
kL81zFBlDELXRjzVmMr5z0qC3i61aCAwhpWwQcp9PtrnSObxCs0I41oUoQt47H+L
KJfIQQCPxHRNC0Szv6Q61vXbrGRiGOIlZKGXfWGTY4mtzrQoWezkL62uU1LCp2RM
yIu3hgHTT8rJEAnPrgsZtK34gteKhjrVQwBFki0ewUZoC2/wyxCUYRiEVl+St1Rv
Gi2Cz9WI6B5oycD+qMkWfjl4nMw3tREPxTX1mAQE9cvh5j+8b1cjEV+rUCwhxyA=
-----END CERTIFICATE-----
subject=/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com
issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4
---
No client certificate CA names sent
---
SSL handshake has read 5304 bytes and written 415 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 7B20D6346EE3595B55010B4DEAC1AF886A55CD48F0E7B380767E0D15B23F9DB0
Session-ID-ctx:
Master-Key: 3D9D14E0642329844E5FBDB5B0F95E915FB844C00A99BA1E70BA66CD33D24C58B38D52035DA67960429BDA0399941711
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1486306958
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
DONE
| The Following 2 Users Say Thank You to pali For This Useful Post: | ||
|
|
2017-02-05
, 17:01
|
|
Posts: 3,074 |
Thanked: 12,960 times |
Joined on Mar 2010
@ Sofia,Bulgaria
|
#243
|
Originally Posted by pali
Yes, it is problem with certificates, Ubuntu and Debian seem to provide outdated certs.
Anyway, on Ubuntu 12.04 verification to supl.nokia.com:7275 pass:
So... it is really problem with certificates?Code:...
__________________
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
Never fear. I is here.
720p video support on N900,SmartReflex on N900,Keyboard and mouse support on N900
Nothing is impossible - Stable thumb2 on n900
Community SSU developer
kernel-power developer and maintainer
| The Following 2 Users Say Thank You to freemangordon For This Useful Post: | ||
|
|
2017-02-05
, 17:15
|
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#244
|
I found a different fix that doesn't need any patches to location-proxy.
The latest maemo-security-certman tree contains that fix which is now working just fine on the N900 sitting in front of me.
Nice fast GPS lock.
The fix involves putting the old insecure VeriSign certificate into a separate certificate store that location-proxy will load but that microb and other things wont.
This is with supl.nokia.com btw.
The latest maemo-security-certman tree contains that fix which is now working just fine on the N900 sitting in front of me.
Nice fast GPS lock.
The fix involves putting the old insecure VeriSign certificate into a separate certificate store that location-proxy will load but that microb and other things wont.
This is with supl.nokia.com btw.
| The Following 4 Users Say Thank You to jonwil For This Useful Post: | ||
|
|
2017-02-05
, 17:50
|
|
Posts: 2,154 |
Thanked: 8,464 times |
Joined on May 2010
|
#245
|
Originally Posted by freemangordon
Ah... thats not good.
Yes, it is problem with certificates, Ubuntu and Debian seem to provide outdated certs.
Originally Posted by jonwil
How do you force location-proxy load certs from that new store?
I found a different fix that doesn't need any patches to location-proxy.
The latest maemo-security-certman tree contains that fix which is now working just fine on the N900 sitting in front of me.
Nice fast GPS lock.
The fix involves putting the old insecure VeriSign certificate into a separate certificate store that location-proxy will load but that microb and other things wont.
This is with supl.nokia.com btw.
| The Following User Says Thank You to pali For This Useful Post: | ||
|
|
2017-02-05
, 23:04
|
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#246
|
location-proxy already has code in there that loads from the new store (added by Nokia for reasons unknown).
| The Following 5 Users Say Thank You to jonwil For This Useful Post: | ||
|
|
2017-03-08
, 10:36
|
|
Community Council |
Posts: 685 |
Thanked: 1,234 times |
Joined on Sep 2010
@ Mbabane
|
#247
|
we might have reached the end. supl.nokia.com resolves to 127.0.0.1 at this time :-(
| The Following 3 Users Say Thank You to sicelo For This Useful Post: | ||
|
|
2017-03-08
, 12:47
|
|
Posts: 567 |
Thanked: 2,965 times |
Joined on Oct 2009
|
#248
|
Google brought up this link showing the IP details for supl.nokia.com:
http://supl.nokia.com.ipaddress.com/
If I add 35.157.6.107 supl.nokia.com to /etc/hosts on my N900, it seems to work (nokia maps works and finds accurate location, location-test gets fast connection to satellite etc)
So until/unless the SUPL server running on the Amazon AWS instance answering at that IP address goes away, this should be a good short term fix.
That IP address is probably the best one to use since its the actual last known IP address of supl.nokia.com.
Going forward, maemo should run its own SUPL server as recently suggested by DocScrutinizer05 and freemangordon...
EDIT:
I found this other link
http://www.ip-tracker.org/locator/ip...Supl.nokia.com
which lists an IP address of 52.22.201.16 (also an AWS instance)
along with https://www.robtex.com/dns-lookup/supl.nokia.com that lists a bunch of IP addresses.
The first one I found seems to work though so I will stick with it until something else happens (supl.nokia.com DNS returns a valid IP again, alternative SUPL server is set up or whatever)
EDIT 2:
Its possible the different IP addresses all point to different instances running the same SUPL code (i.e. distributing the load over multiple Amazon AWS instances) or something (I dont know how Amazon AWS works)
Last edited by jonwil; 2017-03-08 at 12:55.
http://supl.nokia.com.ipaddress.com/
If I add 35.157.6.107 supl.nokia.com to /etc/hosts on my N900, it seems to work (nokia maps works and finds accurate location, location-test gets fast connection to satellite etc)
So until/unless the SUPL server running on the Amazon AWS instance answering at that IP address goes away, this should be a good short term fix.
That IP address is probably the best one to use since its the actual last known IP address of supl.nokia.com.
Going forward, maemo should run its own SUPL server as recently suggested by DocScrutinizer05 and freemangordon...
EDIT:
I found this other link
http://www.ip-tracker.org/locator/ip...Supl.nokia.com
which lists an IP address of 52.22.201.16 (also an AWS instance)
along with https://www.robtex.com/dns-lookup/supl.nokia.com that lists a bunch of IP addresses.
The first one I found seems to work though so I will stick with it until something else happens (supl.nokia.com DNS returns a valid IP again, alternative SUPL server is set up or whatever)
EDIT 2:
Its possible the different IP addresses all point to different instances running the same SUPL code (i.e. distributing the load over multiple Amazon AWS instances) or something (I dont know how Amazon AWS works)
Last edited by jonwil; 2017-03-08 at 12:55.
|
|
2017-03-08
, 15:24
|
|
Posts: 46 |
Thanked: 160 times |
Joined on Jun 2010
@ Germany, Berlin
|
#249
|
Originally Posted by jonwil
Via http://geoip.ubuntu.com/lookup/?ip=52.22.201.16 and the others listed in that bunch I got the following result:
...
along with https://www.robtex.com/dns-lookup/supl.nokia.com that lists a bunch of IP addresses.
35.157.6.107 : <TimeZone>Europe/Berlin
52.213.194.13 : <TimeZone>Europe/Dublin
52.220.245.140 : <TimeZone>Asia/Singapore
52.22.201.16 : <TimeZone>America/New_York
52.3.37.45 : <TimeZone>America/New_York
52.74.234.216 : <TimeZone>Asia/Singapore
54.171.105.63 : <TimeZone>Europe/Dublin
So everyone could set the one next to its main location in /etc/hosts with a new line like for example
Code:
52.22.201.16 supl.nokia.com
I can't ping none of the above except the one from Berlin 35.157.6.107 .
52.213.194.13 , 52.220.245.140 , 52.74.234.216 don't seem to answer supl requests. So the remaining list should be
35.157.6.107 : <TimeZone>Europe/Berlin
52.22.201.16 : <TimeZone>America/New_York
52.3.37.45 : <TimeZone>America/New_York
54.171.105.63 : <TimeZone>Europe/Dublin
No Asia anymore ...
EDIT 2:
And unfortunately the certificate for supl.nokia.com ist only valid until May 15 23:59:59 2017 GMT . Hope it will be renewed again ...
Cheers, Ulle
Last edited by Ulle; 2017-03-08 at 15:45.
| The Following 5 Users Say Thank You to Ulle For This Useful Post: | ||
|
|
2017-04-25
, 19:33
|
|
Posts: 1 |
Thanked: 0 times |
Joined on Apr 2017
|
#250
|
Hi,
I added into my /etc/hosts
However, it doesn't work for me. If I try supl.google.com, GPS doesn't work too. Why?
I am just a common ubuntu user from Czech Rep., not Maemo expert.
Quick check:
How this issue can be easily fixed?
I added into my /etc/hosts
Code:
52.3.37.45 supl.nokia.com
I am just a common ubuntu user from Czech Rep., not Maemo expert.
Quick check:
Code:
~$ openssl s_client -connect 52.3.37.45:7275 CONNECTED(00000003) depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority verify return:1 depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4 verify return:1 depth=0 C = NL, ST = Noord-Brabant, L = Veldhoven, O = HERE Global BV, CN = supl.nokia.com verify return:1 --- Certificate chain 0 s:/C=NL/ST=Noord-Brabant/L=Veldhoven/O=HERE Global BV/CN=supl.nokia.com i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 2 s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority 3 s:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIGWzCCBUOgAwIBAgIQNUQLMS6rnzbNIfXt19aBADANBgkqhkiG9w0BAQsFADB+ MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE2MDIxODAwMDAwMFoX . . .
How this issue can be easily fixed?
 |
| Tags |
| a-gps, nokia n900 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
All times are GMT. The time now is 10:29.
That cert has CN=supl.nokia.com so is valid only for supl.nokia.com. And once you trust some certificate in chain, you do not have to validate other in chain...