  1. #321  
    My thanks to Preemtive for his kelp and support.

    But I'm like a rusty old wheel. I need to go back and study some of the basics on how the entire email concept was derived and how it works. I guess I'm like the great majority of email users, I use email (hereinafter known as gmail) but I never studied what goes on behind the scenes. I only recently got involved when I decided to awaken my HP Touchpad from the grave and try to get it to work with the gmail app. I decided to try the IMAP SSL concept. So, I DO have a great deal to learn, but patience is a virtue, and I will make it my quest to understand how all of this works. My perspective at this time, is that most of this is much more complicated than I had imagined. Some of the tech guys posting here, are way more advanced than I am, but I need to learn, and that will take some time. I have to say that this WebOS forum is absolutely first class...where would we be since Leo Apotheker pulled the plug at HP, and the demise of the HP Touchpad. It was on the consumer market for only 45 days! I only wish that I could also contribute more helpful info on this forum.
  2. #322  
    Quote Originally Posted by Jeff Marshall7 View Post
    My thanks to Preemtive for his kelp and support..
    Like I always say, "You can't harvest the seaweed without getting your feet wet."

    I'm no tech-expert. I just try to follow along and sometimes write up help in these forums into pivotCE articles for average users like me.

    Don't forget this: http://forums.webosnation.com/webos-...ourselves.html
    Last edited by Preemptive; 08/15/2015 at 03:05 AM.
  3. #323  
    Thinking through what NIN_ru mentioned.

    So for xs4all, it was enough to add the *.xs4all.nl cert, since imap.xs4all.nl falls into the asterisk.

    A *.google.com cert will then not help, since we connect to imap.gmail.com, not imap.google.com

    So just a cert for *.gmail.com should be enough.

    Or both the imap.gmail.com and smtp.gmail.com

    But we should not need any others

    -- Sent from my Palm Pre3 using Forums
  4. #324  
    Adding to that...

    Where he writes libpalmsocket will accept certificates, if it can find matching.

    In other words, any time we have an imap or smtp server not working because of this error, we just need to grab the corresponding certificate for those servers.

    As I understand we do not need to follow the chain.

    -- Sent from my Palm Pre3 using Forums
  5. #325  
    Preemptive
    Yes, this is a bug in openssl, or maybe a feature that is not implemented. mobi.optware.openssl (0.9.8l) can't help us because the ability to use the digest algorithm that we need was added starting from 1.0.
    My idea (originally yours) is to run the imap email service (used by the email app) linked to a newer openssl. So we need to recompile it (actually only libpalmsocket). I did that, but it didn't work for me, so I guess it's better to avoid different openssl versions used simultaneously. Instead, we can run only the updated imap service in its own environment; the whole LuneOS is not needed, just if you have LuneOS already, you can use this way right now.

    I agree that a script that updates certificates is the practical solution for now, but in the long term, when the webOS openssl version is outdated, it probably will not work. Actually, that time has already come for webOS 1.4 (as far as I read). Using this way, if we are lucky and Palm has not heavily modified mojomail-imap since webOS 1.4, we can try to use gmail on it.

    TJs11thPre
    I guess gmail in browser just works because it's web interface, and doesn't directly use imap and smtp.

    Quote Originally Posted by horzel View Post
    In other words, any time we have an imap or smtp server not working because of this error, we just need to grab the corresponding certificate for those servers.
    yes, you are right.
  6. #326  
    As we get closer to the Nov. 15 date, I'm hoping one of the smarter guys here on this forum will download the latest imap.gmail.com certificate and post it on this forum or possibly a link to it. If this happens, I will be able to download it to my PC and then copy it to my Touchpad using the USB cable interface. This is what I did with the current cert...the one that we have been calling google5.cert. For me, this seems to be the best solution for adding the newest certs. All the recent talk about OpenSSL.exe and OSSH is a little too complicated for me at this time, even though it is good advice. I'm still new to all this stuff, but I'm learning.
  7. #327  
    Oh, if they continue the way they have been, they'll update the IMAP cert dozens of time before Nov 15th.
  8. #328  
    After reading all the recent posts here, I've been thinking about all this cert stuff. So my question is...why does Google keep updating the imap.gmail.com cert so frequently? And why does this cert have a life span stated only in DAYS, not months or years? Is Google worried about hackers and attacks? An even better (dumber) question is why does Google need any certs at all? Maybe it's a built in requirement to run SSL. It just seems that these certs are creating a big headache for a lot of people.
  9. #329  
    The do-no-evil version is protecting against fake certificates until everyone is using more secure encoding methods. The conspiracy-theory version is they are trying to annoy people using old mobile devices into replacing them with new ones.
  10. #330  
    So let me do a short write up:

    Make sure you have the latest version of WebOS Quick Install; 4.6.0
    WebOS Quick Install v4.6.0

    I am skipping the step of making sure you can connect to your device, those threads exist already.

    So after opening WOSQI, and your device is connected, go to Tools, Linux Commandline
    A command screen opens, running on your Palm Device, please copy and paste:
    Code:
    openssl s_client -connect smtp.gmail.com:465
    I have chosen to run the command without -showcerts, since we only need the lowest Cert

    The resulting output will look like:
    Code:
    CONNECTED(00000003)
    depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    verify return:1
    depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    verify return:1
    depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2
    verify return:1
    depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
    verify return:1
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
       i:/C=US/O=Google Inc/CN=Google Internet Authority G2
     1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIEdjCCA16gAwIBAgIIRU1aGVzo3ukwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
    BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
    cm5ldCBBdXRob3JpdHkgRzIwHhcNMTUwMjE4MTAxOTU2WhcNMTUxMjMxMDAwMDAw
    WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
    TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
    cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWhzIM
    jqZemjDUQZOzyhmeVu6uX+ZFWqnkXp4tliDcbPsrtyZQYxqw8XsArzCBKtp6DY85
    rVy8IjFXoXtPHA/LMWDlvryELz2jV1z08x37yZ6FPDR056mysCOfCDFX4uNyunTf
    lvR4f8oL0ngmSZdAAVCGc9jfTg9CQYXKCRHv1EIKF+T4vk5xgiNV3N8Wy6dbfVu3
    KQlLwGzUh4WaaKqe8AzceiZsFUmz2eAFdhRGknu4/gyKeY5pHgkYKYx/Rzv2sgoG
    8EuBQ9OQMOh3PptN8CCXhwwZn4pAS+ajV8ZfbHtMACmaQvNzbI1iI9QJKw42C9aj
    a3VAN9QnbIw4MArBAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
    KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
    XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
    MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
    A1UdDgQWBBSh6WggOBcK5Zwhr0O7+PFlnafafTAMBgNVHRMBAf8EAjAAMB8GA1Ud
    IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW
    eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB
    RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCNfO+0mq3Tmps8EANSmNeZGnMlaERs
    akjh5pH5KSdL7CJGjzR77uv3M+wPOeP2xp8cXqlKCamuacCWmoB2PjTsdxrDwMs8
    y7O8VRYFZ2h5wj3ssPEGTQPsjTezMeen0O9HgtZBYtoSis0HEr7MvFI5i8S/Qflp
    84E7yqtwM4DOdcG38DvBilBWf3nRn9N24Utghichuu4y+KZmq16F2T5vI0aGBqDb
    00IAmvJ7cmL1Ug+EWx7TGZADqrW1FvFdquWcLSx3WTUjTt1wH+GINGIVx0Z5TcSC
    vvFoQe5EOuiZ8GaWT4c3RcNJCzfPVcHluy22RCft5K/YrxTi4LtLksy9
    -----END CERTIFICATE-----
    subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
    issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 3211 bytes and written 399 bytes
    ---
    New, TLSv1/SSLv3, Cipher is RC4-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : RC4-SHA
        Session-ID: 9F82225F93C952BEDFAD579CEDB1F3F30409A1A557EE4C4BA199942F87D35BFD
        Session-ID-ctx:
        Master-Key: 2661C94DD022C99C94F754D8B65FB05275DCBD24BB5CF18F758F68C1A488E7A7B4931218D1D3DEB1CECC11FBBAA83E5A
        Key-Arg   : None
        Start Time: 1439737253
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    ---
    220 smtp.gmail.com ESMTP fq15sm17610013wjc.12 - gsmtp
    From this you need to copy starting the line with: -----BEGIN CERTIFICATE----- to the line with: -----END CERTIFICATE-----

    Paste this in your favourite Notepad program, save it as eg "Gmail - Cert - SMTP.pem", make sure to set the "save as type" to "All files", to prevent Notepad from adding .txt

    Repeat these steps for IMAP, suggested name: "Gmail - Cert - IMAP.pem"
    Code:
    openssl s_client -connect imap.gmail.com:993
    You now should have both needed pem files, you can close the command line, but keep WOSQI open.

    In WOSQI, now go to Tools again, but this time choose Send File

    Browse to where you saved the pem files, take one of them, in Destination type:
    Code:
    /media/internal
    click Send to Device

    Repeat for second file

    Now you can close WOSQI, disconnect your device and open the Certificate Manager on device. Open the Device info/Geräteinfos, open the Preferences menu, choose Certificate Manager.

    In Certificate Manager you can now add the new certificates, by using the plus icon in the right hand corner, this should show the pem files you have just put on your device.
  11. #331  
    Or saving the cert on device right away:
    Code:
    echo | openssl s_client -connect imap.xs4all.nl:993 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /media/internal/certxs4all.pem
    courtesy:
    linux - Using openssl to get the certificate from a server - Stack Overflow
  12. #332  
    Is this how to make my own cert ANYTIME the triangles return? Or will this prevent triangles from ever returning? Please confirm or clarify. Thanks again!


    Damn triangles! Lol
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  13. #333  
    Quote Originally Posted by TJs11thPre View Post
    Is this how to make my own cert ANYTIME the triangles return? Or will this prevent triangles from ever returning? Please confirm or clarify. Thanks again!


    Damn triangles! Lol

    This is what needs to happen every time Google updates the certificate. It's the command that is in my script. I can post it now, or everyone can just run that, while I work on making it run periodically. Running it daily would be preventative action, though there's still a good chance a manual run will be required once in a while if the update happens between script executions.
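An added example, not part of any post in this thread: one way to script the manual steps from posts #330 to #333 so the saved file is replaced only when the server's certificate actually changed. It goes slightly beyond the posts by refusing to save anything unless `s_client` printed `Verify return code: 0 (ok)` and by keeping only the first PEM block, so it also works when `-showcerts` is used. The function names, return codes and capture file are assumptions, and the sample capture is constructed with a placeholder body rather than a real certificate.

```shell
#!/bin/sh
# Added example (not from the thread): save the server's leaf certificate from
# `openssl s_client` output, but only if verification passed and it changed.

# Print the first PEM block in FILE: the depth-0 (server) certificate.
# With -showcerts the output holds several blocks; only the first is wanted.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
         inside { print }
         inside && /-----END CERTIFICATE-----/ { exit }' "$1"
}

# Succeed only if s_client reported the chain as verified.
verified_ok() {
    grep -q 'Verify return code: 0 (ok)' "$1"
}

# update_cert CAPTURE DEST   (hypothetical helper)
# Returns 0 = DEST written, 1 = unchanged, 2 = refused (unverified or no cert).
update_cert() {
    capture=$1 dest=$2 tmp="$2.new"
    verified_ok "$capture" || return 2
    extract_leaf_pem "$capture" > "$tmp"
    if ! grep -q -e '-----END CERTIFICATE-----' "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    if [ -f "$dest" ] && cmp -s "$tmp" "$dest"; then
        rm -f "$tmp"; return 1
    fi
    mv "$tmp" "$dest"
}

# Constructed sample capture; the base64 body is a placeholder, not a real cert.
# Usage: make_sample_capture FILE SUFFIX "VERIFY RESULT TEXT"
make_sample_capture() {
    cat > "$1" <<EOF
CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAF$2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDERINTERMEDIATE
-----END CERTIFICATE-----
    Verify return code: $3
EOF
}

# On the device the capture would come from the thread's own command, e.g.:
#   echo | openssl s_client -connect imap.gmail.com:993 > /tmp/capture.txt 2>&1
```

A return code of 2 means the capture should be inspected by hand before any certificate is added in Certificate Manager.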
  14. #334  
    It would seem that the great majority of people using Gmail, know absolutely nothing about SSL certificates. All they want to do is send and receive messages using Gmail. Many are most likely unaware that their messages are being sent and received using HTTPS. So this must mean that the Gmail program can be installed on almost any computer that uses the most popular OS software such as MS Windows, or Apple IOS. The end user does not need any technical knowledge about how it works. But it appears that when running WebOS, some technical knowledge IS required. We don't have MS or Apple to do the leg work for us. We have to get involved and do the leg work ourselves. In fact, when I wanted to set up IMAP Gmail on my Touchpad, Google supplies all the relevant settings...port numbers, SSL, TLS, server names, etc. But they never mention anything about certificates. And yet they are required. How strange is that? And it seems that they update their server certificate quite often, almost at random. So, if we do the required work, we can download and install their latest cert. You would think that Google would make their latest server cert. available for anyone to download and install on their client without a lot of technical knowledge...even when using WebOS. How hard could that be?
  15. #335  
    I know it's a bit confusing if you aren't real technical. It isn't that Google isn't making the certificate available, because they are - it's being returned automatically with the response from the mail server. The problem is the email client isn't able to automatically accept the new format of the cert, even though the browser is able to. Based on the article I read, it appears to be a security precaution due to weaknesses in the old encoding method. The biggest problem is that webOS is no longer supported by Palm or HP, who would need to make the required updates to accommodate the new certificate. Because of that, we are left to find solutions on our own.
  16. #336  
    It was also done by webos automagically like in all other OSes until this year google changed (for good security reasons a.k.a Snowden sake) to a new hash algorithm, explained e.g. here:
    https://www.globalsign.com/en/blog/e...ve-to-sha-256/

    On top e.g. supported browsers will have old style certificates marked as bad and will display a user message, which could happen in Mailclients too.

    The problem is that as you mentioned we don't have a vendor backing us by updating all the apps to have that advanced security still working automagically. On other unsupported OSes you would have to do that manual work too.

    Why they changed it so often is to their wisdom only, I generated our company's sha256 only once, but I think their "5th" iteration now is stable for over a week, so perhaps there is hope
  17. #337  
    Dann grabber why are you up so soon this time, now we have "double post"
  18. #338  
    Even though it is double, you both explain it in different words, which gives more people an option to understand

    -- Sent from my Palm Pre3 using Forums
  19. #339  
    Quote Originally Posted by gizmo21 View Post
    Here is another one, I wonder why the whole trust chain is not working correctly. Usually those server cert changes are common and are not a problem as long as the cert chain to the CA is correct. Shouldn't we just add the new geotrust CA cert and google G2 cert to the trusted CAs folder on device instead of adding them in certmanager and shouldn't bother about the imap certs anymore?

    Mambo eerg Certificate Nr 5:

    Attached google5imap.pem now as .pem.txr rename to .pem and open it with Certmanager or internals Pro.
    This one did it! Thank you!
  20. #340  
    Thank you gizmo21 for providing the certificate for GMail. It has got my Pre3 working with GMail again.

    Regards
    Richard Corner
