Activesync not working OTA (grps sync) due to Third party self signed SSL cert office - General Questions and Answers

Hi All,
1st of all i would like to say that i am really delighted to found a forum that works for a change and responds to people.
Nice work KUDOS guys!!!!
Environment Details.
1. Phone model: HTC HD Mini
2. ROM: New one which has been release by HTC india for correction of ringtone.
3.Carrier: Vodafone India.
Now coming to the Issue Description:
Whenever i try to connect to my webmail using activesync 4.5 i suppose the once which comes along with the phone, i get the following error:
"The security certificate on the server is not valid. Contact your exchange server admin or ISP to install a valid certificate on the server.
Support Code: 0x80072F0D"
Initially i though this would be because my org uses a self signed cert. I got in touch with the exchange admin and he gave me a copy of the following cert used:
1. CA root cert.
2. Exchange cert.
Once i had these i installed the same in the phone.
Observations after that.
1. The root certificate is installed in the Root folder. (valid till 10/29/29)
2. The server certificate is installed in the Intermediate folder. (valid till 16/09/19)
Still when i try to SYNC i get the error message:
"The security certificate on the server is not valid. Contact your exchange server admin or ISP to install a valid certificate on the server.
Support Code: 0x80072F0D"
I am somehow not able to get past this.
Can anyone help.. did a lot of Googlein on this but no help.
Is there any other program that can used for this apart from active sync.
Getting very sad and annoyed.
Please help.
Maybe

Futher research done on this.
Please follow this link to see further research that i have done on his.
It seems i cant post a link on this... But any help will be appreciated.
Regards,
Anurag

Anyone any help...

Related

RootCA certificate

Hello,
I have problem with installing ROOTCA certificate from our company CA.
If I "doubleclick" on certificate in cer format (binary encoded) it is istalled into intermediate.
If I create cab and install it. Certificate is in ROOT (in managing aplication), but if I try to connect to HTTPS it show me warning dialog "The certificate was issued by a company you havenot chosen to trust".
In attachement is the cab. The website is https://exchange.exhost.cz/
At my PC is everything OK in Opera, IE7, FF, Chrome.
I try it on several PPC with WM6.1.
Could anybody help me please?
Thank's
Libor Soucek
Ive been faffin about with rootcertificates a bit lately.
Have you followed the steps as in this link:
http://blogs.msdn.com/windowsmobile/archive/2006/01/28/making_a_root_cert_cab_file.aspx
Hi,
I have create the cab by instruction by instructin on that URI.
Now I have try install iton Glofish M700 with WM6 and the same as enything HTC

Unable to sync with exchange

Hi all,
I tried almost everything but I cannot connect to my exchange account. With our IT we enabled OMA, OWA also, I installed the self-signed certificate on my Touch Pro, tried with and without SSL, erased the account on the device to create it from scratch, read all the posts, googled and tried what suggested but still get connecting for a while and then Error Synchronizing (built-in e-mail client), when I switch to active sync and view status I get "Synchronization couldn't be completed. Try again later" and Support code says 0x80072F17 (certificate related). WHen I set up my iPhone with the account details I sync without problem all the mails with subfolders...Any help?
snekoza said:
Hi all,
I tried almost everything but I cannot connect to my exchange account. With our IT we enabled OMA, OWA also, I installed the self-signed certificate on my Touch Pro, tried with and without SSL, erased the account on the device to create it from scratch, read all the posts, googled and tried what suggested but still get connecting for a while and then Error Synchronizing (built-in e-mail client), when I switch to active sync and view status I get "Synchronization couldn't be completed. Try again later" and Support code says 0x80072F17 (certificate related). WHen I set up my iPhone with the account details I sync without problem all the mails with subfolders...Any help?
Click to expand...
Click to collapse
i had the same problem and later i realized that there two different reasons for this problem. but before i can help i need to know two things. 1st what rom and build version r u using? 2nd what version of htcalbum r u using?
Thank you for the quick rsponse, I hope you can help me. The ROM version is 1.90.401.1 WWE, Radio 1.02.25.19, as for album I have the version that was originally distributed (I could find any version number), BTW it is very slow on loading.
snekoza said:
Thank you for the quick rsponse, I hope you can help me. The ROM version is 1.90.401.1 WWE, Radio 1.02.25.19, as for album I have the version that was originally distributed (I could find any version number), BTW it is very slow on loading.
Click to expand...
Click to collapse
so you don't have a cooked rom or an updated verison of htc album of 2.5 or 3.0?
nothing, everything as shipped.
snekoza said:
nothing, everything as shipped.
Click to expand...
Click to collapse
then i don't know, my problem had to do with a cooked rom and after upgrading to htcalbum 2.5, sorry
Make sure you have the correct root certificate as well. Im using a free ssl cert from Startcom and I have to have both the Intermediate and Root certs installed for it to work because by default the root cert isnt there. You can check this out by Start > Settings > Certificates.
Ren13B I have just intermediate cert installed, the one that OWA is using, self-signed. Can you tell me more about how to make it appear in ROOT tab?
snekoza said:
Ren13B I have just intermediate cert installed, the one that OWA is using, self-signed. Can you tell me more about how to make it appear in ROOT tab?
Click to expand...
Click to collapse
The fastest way I've seen to do this is search for a Microsoft tool called "SSLChainSaver". There are instructions on the site for using it, but the short form is:
Code:
sslchainsaver.exe [I]<exchange hostname>[/I]
This creates a directory with the certificates, and also creates two XML files containing the full certificate chain, one for Windows Mobile 5, and one for WinMo 6.
Find the XML file you want (<exch. server>.wm6.xml, probably), copy to _setup.xml, and make it a .CAB file:
Code:
copy exchserver.wm6.xml _setup.xml
makecab certs.cab _setup.xml
This creates a .CAB file you can download directly to your phone containing all the necessary SSL certificates for your server.
Hope that helps...
It seems there is something wrong with our OWA certificate, I found out that issuer has to be same as subject which is not, so even the tool work smoothly it could not get the root cert...Strange that iPhone has no problem with that but WM6 does:-(

[Q] certificate (.crt files)

I am getting my first WP7 phone next week and I was wondering how to install a .crt file in WP7. I was unable to find any information in the forums for WP7. In Windows mobile 6.5 I installed the .crt file on the phone with activesynch, ran the file through File Exp and it installed the certificate. Does anyone know how this is done with WP7? Thanks
dsdmarin said:
I am getting my first WP7 phone next week and I was wondering how to install a .crt file in WP7. I was unable to find any information in the forums for WP7. In Windows mobile 6.5 I installed the .crt file on the phone with activesynch, ran the file through File Exp and it installed the certificate. Does anyone know how this is done with WP7? Thanks
Click to expand...
Click to collapse
You just email the Cert to yourself & than open the email & download the cert on your WP7 device. Once downloaded, click the shield in the e-mail to install it. I guess the main question would be why though as at current, I think the Chevron Unlocker is the only tool that required installing a custom cert.
iridium21 said:
EDIT: Thanks to Cendaryn we also have the required security certificate - the easiest way (thanks to Talys) to install the cert and unlock your WP7 is to do as follows:
1. Unzip file, and attach chevronwp7.cer (see below for file) to an e-mail to yourself
2. Open email in WP7
3. Tap attachment once, turns it into a shield, tap it again, goes to install certificate screen with white letters on black screen
4. Click install at the bottom
Click to expand...
Click to collapse
drkfngthdragnlrd said:
You just email the Cert to yourself & than open the email & download the cert on your WP7 device. Once downloaded, click the shield in the e-mail to install it. I guess the main question would be why though as at current, I think the Chevron Unlocker is the only tool that required installing a custom cert.
Click to expand...
Click to collapse
I am not sure exactly what the certificate does... But my company requires that it be installed in order for us to rec emails through Microsoft exchange. I think it has something to do with password protection on the phone and also to allow the emails to synch. I guess i will have to setup my personal email first download the file install then setup my work email.. Thanks for the quick reply!!!
dsdmarin said:
I am not sure exactly what the certificate does... But my company requires that it be installed in order for us to rec emails through Microsoft exchange. I think it has something to do with password protection on the phone and also to allow the emails to synch. I guess i will have to setup my personal email first download the file install then setup my work email.. Thanks for the quick reply!!!
Click to expand...
Click to collapse
Ah okay, never thought about that. Well I can tell you a cert is a form of authentication. In this case, your companies email service must require the cert to prove that is allowed access. It's like a drivers license/ID/Social Security card/etc., but for applications/servers/service/etc. My main reason for asking was that in WM, we had to unsign the DLL/MUI/EXE's to edit them & than resign them & have the cert we used to resign them installed on the device so it'd recognize the DLL/MUI/EXE. This is how we changed the topbar icons for example. If you didn't sign the file, WM wouldn't load it or allow it to run.

[Q] Lync2013 certificate install not working

Hey guys,
I have a vanilla non-rooted Nexus 5 and i'm trying to get Lync 2013 to work. it installs, i find the lync server fine and i installed the cert but it still says cannot verify the certificate.
I install the exported cert into my N5 and it says it installs but under User Certificates nothing is listed.
Here is what i have found on the interwebs:
https://android.stackexchange.com/q...laims-success-but-android-acts-as-if-cert-isn
I have not tried the above because i am not in front of a linux terminal right now. My fear is unless i do this from the lync server, my cert wont be signed with the correct key so it work anyways.
I have tried taking the cert i have and exporting from IE into the DER format but that doesnt work either.
Anyone have any ideas?
Shaner

TLS-encryption on Palm Pre 1

Hello everybody,
I recently purchased a Palm Pre 1 running webOS 1.4.5. I unlocked, devmoded it and installed Preware. Now, e-mail does not work because of SSL errors, and websites annoy asking me to trust every certificate manually. What I tried to fix it, is to download the Root Certicate Update from Preware, I also copied the certificates from my Ubuntu machine to /usr/lib/ssl certs. All of this didn't work, but I found out that it might have something to do with a new certificate format (which uses sha-256 or something).
So I installed the alpha version of this here: https://forums.webosnation.com/webos-internals/330666-openssl-updater-fixing-certificate-issues.html but it didn't work either.
So my question is: Is there a way to get webOS 1.4.5 to work with the interweb of today properly?
I'd thank you for any comment!
Yours sincerely,
Jano

Categories

Resources