Rob1n
|
2010-04-16
, 17:33
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#1321
|
|
2010-04-17
, 08:39
|
Posts: 4 |
Thanked: 0 times |
Joined on Apr 2010
|
#1322
|
|
2010-04-18
, 08:44
|
Posts: 32 |
Thanked: 3 times |
Joined on Apr 2010
|
#1323
|
That's because the underlying issue for this was fixed in PR1.1, so does absolutely nothing now.
That's presumably because the certificate is not a CA certificate. See http://wiki.maemo.org/Mail_For_Excha...rtbeat_and_FAQ for suggestions & debugging details.
|
2010-04-18
, 09:21
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#1324
|
Thanks. Yes you are quite right it is not a CA cert :-(
I tried debugging but could not work out:
a- how to find which .pem file I was looking for. Looked at the SHA numbers etc and could not see a match
b- even if 'a' no idea what to edit the file to say.
|
2010-04-19
, 04:19
|
Posts: 32 |
Thanked: 3 times |
Joined on Apr 2010
|
#1325
|
You can't edit the files - they're encrypted & signed to prevent that. If it's a self-signed certificate then you'll need to get a new one made with the CA flag set. If it's not a self-signed certificate then you'll need to load the certificate for the issuing CA instead.
I've not heard of any changes to this in PR1.2.
|
2010-04-19
, 08:24
|
Posts: 3,617 |
Thanked: 2,412 times |
Joined on Nov 2009
@ Cambridge, UK
|
#1326
|
Re my certificate problem: I saved the certificate as a p7b then email it to my N900 and open it in certificate manager. All good. It is not self signed. The issuing CA is Equifax and it is issued to "*sol.net.au"
How then do I "load the certificate for the issuing CA instead."
After opening it in certificate manager when I look at all my certificates in Settings > Certificate Manager it is not there.
Sorry for dullardedness but SSL is not my forte.
|
2010-04-19
, 14:38
|
Posts: 32 |
Thanked: 3 times |
Joined on Apr 2010
|
#1327
|
There's several ways to do this. The easiest is probably to use Firefox on your desktop - open the URL you use for MfE. Click in the URL bar (on the left hand side, where it gives the domain for the SSL certificate). It should pop up a window detailing the security status - click on the "More Information" button, the click on the "View Certificate" button. Go to the details tab - it should show the certificate hierarchy. You can then select any of the certificates in the hierarchy and export them to PEM files (which can then be loaded on the N900).
You can do the same thing with IE if you prefer that (in IE7, you click on the padlock to the right of the URL bar to get to the certificates, not sure about IE8 though).
|
2010-04-19
, 18:20
|
Posts: 22 |
Thanked: 53 times |
Joined on Apr 2010
@ Amsterdam
|
#1328
|
|
2010-04-20
, 02:38
|
Posts: 32 |
Thanked: 3 times |
Joined on Apr 2010
|
#1329
|
Thanks again your patience is appreciated. I found the cert hierarchy as you explained and actually imported and converted all 2 certificates. One was the same as before and did not load in the certificate manager but was read. The other one loaded and I saved it for server email etc but when I tried to install credentials for Mfe I still get the invalid server message :-(
I had a look in firefox certificate manager and in "other" tab I found a certificate that was from Equifax to the exchange/zimbra server. I imported it converted to p7b and then when I tried to load it in n900 cert manager it said the certificate date was invalid/ expired which indeed it was.
Could that be the right certificate and the problem? I recall in firefox the first time I had to validate that cert it asked me if I would ignore the expiry date. Could n900 manager not be able to do this perhaps? I have asked our IT people to issue a new unexpired certificate.
|
2010-04-20
, 15:13
|
Posts: 4 |
Thanked: 0 times |
Joined on Apr 2010
|
#1330
|
Hi I'm currently facing another strange Issue with Exchange 2007 and N900 :
I'm using a certificate authority im my domain to generate a self signed CA certificate.
then i generate a new certificate for my exchange 2007 server.
It's installed Ok.
then i export it from IIS 6 server in PFX format, i ca import it on my N900 device (i show 2 certificates chained, the CA one and the WebServer (exchange2007/IIS) One.
I installed both selecting E-Mail and Server, they are visible in the certificate Manager.
i tested them folowing step here :http://wiki.maemo.org/Mail_For_Excha..._certificates:
cmcli -T common-ca -v <your-server-dns-name-or-ip-address>:<port-number>
issues with an error "Verification failed : unable to get local issuer certificate
witch is logical, as this is a self signed one.
then
cmcli -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>
replies something like this :
0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
Verified OK
and cmcli -T common-ca -t ssl-ca -v <your-server-dns-name-or-ip-address>:<port-number>
replies something like this :
0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
trust chain(2):
b5567d6c9eef05f07966d98eb2a85716bff4e80d MYDOMAIN
+-> 0115e5345e4dd64855ed1e3d44060be25f26c2e6 MYDOMAIN
Verified OK
but i'm currently unable to sync my exchange 2007 account, i've got the same error from my device "Either exchange server requires a secure connection or your account is disabled". "
Am I doing something wrong ?
Apr 20 16:56:07 Nokia-N900-51-1 [1427]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low Apr 20 17:00:19 Nokia-N900-51-1 [1018]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low Apr 20 17:01:13 Nokia-N900-51-1 [1385]: activesync: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low Apr 20 17:01:25 Nokia-N900-51-1 activesync[1405]: AS-COMMON-UTILS Version: libas-common-utils (0.0.2-27+0m5) unstable; urgency=low Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 4 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 0 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgConnExchangeServer Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 5 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgCredUsername Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 6 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgCredEncryptedPassword Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 5 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: SyncScheduler: cannot get CfgCredUsername Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: AsConfigReader: unable to read string value of parameter 0 in account ActiveSyncAccount1. Error 5 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cannot get CfgConnExchangeServer Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: SyncScheduler: Cancel all actions Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: ASDAEMON Version: 'as-daemon (0.0.2-28+0m5) unstable; urgency=low' starting Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: GLIB DEBUG ConIc - con_ic_connection_send_event(0x18c810, a0feb19a-003f-494c-bb6e-bbcc8186cc3d, WLAN_INFRA, 0) Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: ICListener: IAP 'a0feb19a-003f-494c-bb6e-bbcc8186cc3d' with bearer 'WLAN_INFRA': connected; count 1 Apr 20 17:01:30 Nokia-N900-51-1 activesync[1405]: StoreProxyImpl::getContactVersion not ready to get version, folderId= Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6 Apr 20 17:02:03 Nokia-N900-51-1 activesync[1405]: CurlConnectionManager: cURL errorcode = 6 Apr 20 17:02:21 Nokia-N900-51-1 activesync[1405]: AS-LIB: Version: libas-protocol (0.0.2-28+0m5) unstable; urgency=low Apr 20 17:03:52 Nokia-N900-51-1 activesync[1405]: HTTP STATUS: 400 Apr 20 17:03:52 Nokia-N900-51-1 activesync[1405]: AS-LIB: Received HTTP response 400. Factory not created
Tags |
activesync, certificate, email, exchange, fremantle, ignore tex14, maemo 5, mail for exchange, mfe, n900, provisioning, sync, thanks vitaly! |
|