custom X.509 SSL cert? - G1 Android Development

Hi,
Does anyone know where SSL certs live in the Android file system? I searched these forums and there doesn't seem to be anything about it yet.
I would like to add a signing cert so I can access my web server with SSL. I don't have a publicly signed cert, just a privately signed one, to save $.
Any help would be appreciated!
Thanks!
Sheepdawg

Further Details
Hi,
Did some more research. There are two ways around this. One is to add a custom SSL cert to your G1. I didn't get this to work, as it requires fiddling around with JRE apps. A link is here, however:
http://code.google.com/p/android/issues/detail?id=1016
The other way is to use another mail client. This one:
http://code.google.com/p/k9mail/
is a fork from the regular android mail client, and seems to work well. It fixes the SSL issue by allowing you to use improperly signed and self-signed certs.
Sheepdawg

Related

WM5 - Direct Push - SSL & certificate

Hello,
I would like to have your experience feedbacks about Direct Push and SSL under WM5.
I have my own authority of certification (Windows 2003 Server) and I generated the root certificate and installed this one in the terminal.
But activesync does not function (error 8001014). Lot of articles covers the subject, how to add certificates root, the activesync errors, but nothing goes. I spent already much time on the subject.
Then I decided to contact Microsoft. The answer is surprising: Microsoft use direct push with HTTP and not with https (strange isn't it ?)
Here their answer: "Indeed, we have in-house HTC but we pass in HTTP and not in https… If not, WM5 in SSL functions and all the incidents which I saw relate to WM5 and not WM6 and the resolution were to pass in HTTP "
I have create this post to know if somebody made a success of this exploit or if it is really impossible...
Thanks in advance
PS: Does WM6 works with SSL/Direct Push/Own certificate ?
Anyone Please ?
I am using SSL over WM6 right now. What I did was I renamed my *.crt file to *.cer and then put it into the mobile phone and clicked on it to install the certificate. After that I can use SSL over Exchange.
-TKN
Do you have FormBased Authentication enabled? If so; read this: http://www.petri.co.il/problems_with_forms_based_authentication_and_ssl_in_activesync.htm
And perform option 3. I'm running Exchange 2003 with SLL and Form Based Authentication enabled, and having pushmail.
I am not exactly using Exchange Server but something similar. It is a software by Kerio called Kerio Mail Server. It has push mail features and many other features that exchange lack. Setup is very simpler for me on Kerio than on Exchange but the procedure for setting up Push Mail is very simple: go into your pocket pc, setup the server information and ssl if using it. Then download the certificate from the kerio mail server and rename the file from *.crt to*.cer for windows mobile to be able to install it. Then once it is installed, you can sync and receive mail on pocket pc using push mail. I am not familiar with Form Based Authentication and I think it has no relationship with Push Mail unless you are using it without SSL. I don't think you can use Form Based Authentication since there is only SSL option in the pocket pc. Hope this helps!
-TKN
I don't know what Georgeot uses for mail. I assumed he used Exchange. And with exchange there is a problem with the ActiveSync, FormBased Authentication and SSL on one computer.

security certificate

I am very frustrated. What was a working direct push sync with the company email has stopped working because a security certificate needs updating. I have searched and searched and tried a number of suggested solutions but nothing has worked. I've run out of ideas and suggestions.
Was the certificate on the Exchange Server already updated? Is it a "self-signed certificate"? If both is true you probably need to "install" the new certificate on your TP.
If you've donwloaded a certificate and it installed as it should and it still doesn't work, then try unchecking "'This server requires an encrypted (SSL) certificate" in your server settings.
Btw, you did download a new certificate, did you?
WDawn said:
Btw, you did download a new certificate, did you?
Click to expand...
Click to collapse
Sorry -- was away and couldn't answer. No I've not downloaded any certificates -- I'm not sure where to find them -- I get no support from my company's IT since they consider my Touch Pro "unsupported" (they're still using ATT 8525). What is troubling is I can get the exchange email working by deleting the server then re-establishing it. It will download and sync for awhile. But after a few hours it gives me the error msg telling me I have an out of date security certificate.

Install SSL certificate

Hey guys
i'm using Roadsync to connect to my corporation's exchange server, However, they use a self-assigned SSL certificate
I get this error from roadsync which is similar when using other applications like nitrodesk or moxie
sync error: (-1001) not trusted server certificate
I know how to acquire my corporations ssl cert from the browser (.pem or .der). How do I import this into the Android though?
Thank you
Have the same question. I have read about Touchdown and K9 but I was hoping to avoid using another program.

How to setup Outlook for Exchange Server on WP7?

I am trying to setup a WP7 Outlook, but it won`t connect to a company Exchange Server.
Always getting error- Error code: 80072EE7.
I have read on web that certificates needs to be installed on wp7. I did it, but no luck.
I used to synch this exchange account on my HTC Evo 4G.
Any ideas how to fix issue?
I wish WP7 had a better way to load self-signed certificates.
Best way to install a cert is to e-mail it to yourself using a Gmail account, set up the Gmail account on WP7, open the e-mail and the resulting certificate attachment, and then install the certificate.
Thanks for response,
But,
Everywhere on web people talking about certificates and no one says which particular cert needs to be installed.
I tried with verisign, Microsoft root authorication and other kind public certificates. But issue still persist.
Who knows where can I get the exact certificate from?
Also make sure you are putting in the local domain
(whateveryourdomain.local)
It is required for WP7 unless your username has the domain in it.
For cert... here is what one user said...
1. went to google chrome on my desktop, spanner, options, under the hood, manage certificates.
2. go trusted root certificate authorities.
3. found the certificate from our server.
4. exported it as a DER encoded binary X.509 (.cer) file to the desktop
5. emailed it to my godaddy account on my WP7 phone.
6. clicked on the link installed it AND THEN created the outlook account on my WP7 phone.
IT IS IMPORTANT TO NOT HAVE ANY OUTLOOK ACCOUNTS ACTIVE WHEN INSTALLING THE CERTIFICATE.
thanks for all your help guys!
yes, sure I have local domain:
\whatever - this is what i used on android outlook settings.
how to know which one is our server certificate?
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
I believe we do not use any certificate. probably we use public certificates. i do not see lock next to address bar.
Does you host require on device encryption?
Does your company provide instructions for other phones? I may be able to tell you or translate them to how it works in windows phone.
No lock? go to advanced in account and uncheck ssl. I think its on by default.
If that doesn't work pm me the the web outlook address an i can tell u if there is one on there at least.
still cannot synch my outlook account. is there any new ideas?
The only thing left i can say is talk to your exchange admin / tech support. All the settings seem correct for a normal setup. Maybe they are using on device encryption... the only thing that windows phone really doesn't support for exchange, or maybe there is a setting we don't know that they will tell you.
The questions to ask are -
Does it require on device encryption?
Is the certificate required the same one outlook webmail uses as that is the one i walked you through installing?
Is the mail server address the same as outlook webmail minus the owa?
What is the local domain of the mail server? (that is different then the mail server address in most cases)
Does the username have to be whole email address? domain\username? or just username
Does the exchange admin have to add my phone?
Hope that helps get your questions answered.
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Did you mean to include a URL or two in there? Anyhow, setting up WP7 to work with Exchange should be pretty easy, although I'm not sure it will do EAP with anything older than 2007 (though IMAP on older servers will work fine). Both of my phone's synced Exchange accounts were set up easily and automatically by just telling it to add the email address; it found the servers and automatically configured the accounts.
black06c230 said:
I need some help also. I had my exchange account on my phone until my comp did server upgrades. This knocked me off as they say this will only support Blackberry and iPhone, don't ask me why. So I was able to setup my exchange account on my Android Epic 4g after trying for a week, as I figured if an iPhone can access it my Android should also. But I have tried the same settings from my Android phone on my WP7 and no luck.
After reading this it looks like I need to follow the above mentioned steps to manually add a sec cert to get it working just right?
I really want my exchange account on my WP7, sucks trying to be on the phone and not be able to download attachments cause you are talking on the phone that gets the email.
Any help would be great!
Click to expand...
Click to collapse
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
ROCOAFZ said:
in WP 7 though you don't need a slash. just the domain name when it asks for it.
For the cert... can you get to your mail server via web mail?
For ours in IE9, i just click the lock by the address bar and hit view certificate. Also if you know your Exchange admin, ask him to send it to you via the hotmail account. they you can just click on it and install it.
Click to expand...
Click to collapse
once i click the lock and see the cert. how do i get it to send it in an email?
---------- Post added at 11:22 PM ---------- Previous post was at 11:16 PM ----------
ROCOAFZ said:
Did they post instructions on what was needed to get an iphone on it? Should be similar with windows phone. For the cert, once you get it, email it to your hotmail and open it. THat will install it.
Click to expand...
Click to collapse
other co-workers have their iphone's working just fine. I will get a hold of one and see if any settings in there make it work.
but again i got it setup on my android phone without much issue and those same settings won't work on my WP7. it errors about the cert.
as stated I can click the lock and view the cert from web access but how do I email it to myself? i don't see a export option.
lastly, they block any IP but intranet IPs to access the mail.companydomain.com so the cert from there may not even help?!?!?
to access mail from home/laptop i have outlook setup so no need to access via the web.
any help you can give to get this working would be great!! and yes IT won't give my squat.
Have you tried manual setup. That's what mine requires. I put in my email address and password but it never gets it. I then click on manual and add
Login name: whatdoyaknow
Domain: ad.xxx.com (actually mine is more complex than that, but start with ad.)
Server: exchange.xxx.com (again more complex)
I need certificates for most things, but this seems to work ok.
Actually I still have problems getting WM6.5 to connect, but WP7 goes ok with the above.

Samsung Stock Email App, S/MIME Certificates

I have a Comodo Personal email certificate, which I use for signing and encrypting emails using the S/MIME protocol, over MS Exchange.
The Samsung stock Email application supposedly allows the use of such certificates natively. However I am running into problems when I attempt to install my key.
I'm using a PFX file exported from Windows Certificate Manager. When I generate the file using the standard wizard, I have the option of exporting my key and user certificate either with or without the other certificates in the chain of trust.
The complete certificate chain, by the way, is as follows: Private key/Personal Cert --> Intermediate CA (Comodo RSA Client Authentication and Secure Email CA) --> Root CA (COMODO RSA Certification Authority, included in default store)
When I omit the other certificates in the signing chain when exporting, the PFX just installs my key and my user cert in credential storage. But then everytime I use it to sign or encrypt something in the Email app, I get a nag from the Email app warning me that it could not validate my credentials. That is, Samsung Email app is unable to verify my cert's trust unless the intermediate CA is provided to it.
But frustratingly, when I export the PFX file so that it includes the intermediate CA's in the chain and install, Android places the Intermediate CA in User folder in the keystore, and treats it as a root CA. That is to say, instead of inheriting trust from the COMODO RSA Certification Authority (which is in the default keystore) Android assigns trust to the intermediate CA *explicitly*. And so, despite the fact it's a valid certificate signed by a trusted root authority in the default keystore, Android gives me nearly constant nags about my phone being "monitored by a 3rd party" until I delete the intermediate CA from User Trust. Which of course, breaks the Samsung Email app's ability to verify the certificate chain and yields a nag everytime I send an email.
Anyone else encounter this issue/know of a solution?
Bump.
I've scoured the internet for months and I cannot find a single thread anywhere on exactly this issue. It's a pretty straightforward question, I think. So I'm surprised I can't find any insights anywhere.
[deleted]

Categories

Resources