Page 28 of 47 FirstFirst ... 182324252627282930313233 38 ... LastLast
Results 541 to 560 of 923
Like Tree236Likes
  1. #541  
    Quote Originally Posted by Herrie View Post
    These come from the Doctor. Was just searching for certificate manager references and came across these bits of code. So thought they might be of interest. Seems that the first one is used to add the root certificate when the device is being setup
    Thanks, I found what I needed.
    That first one I think is a certificate revocation list based on the name.
    Last edited by Grabber5.0; 09/04/2015 at 11:16 AM.
    Preemptive likes this.
  2. #542  
    ahhh!
    emails are back, but calendar suddenly went blank on update!!!!
    Is there a link?
  3. #543  
    How are you syncing your calendar? There are only two ways to sync google calendar to webOS: frantid's google oauth pach, which also updates the calendar to the latest api, or garfonso's c+dav connector.
  4. awriter's Avatar
    Posts
    70 Posts
    Global Posts
    71 Global Posts
       #544  
    Quote Originally Posted by palmpre06062009 View Post
    Just bookmark the ipk link.
    I opened Compose in Gmail without sending it to anyone. Attached the file, 'saved' it to drafts. Opened it on my TP and clicked the attachment. Preware opened automatically and asked if I wanted to install.

    I cancelled, and move the draft to my Save folder, where it will be ready for me to use - over and over again - whenever I need it. Which with Google, will be a lot.
  5. awriter's Avatar
    Posts
    70 Posts
    Global Posts
    71 Global Posts
       #545  
    Quote Originally Posted by Grabber5.0 View Post
    when I've had multiples and removed the old ones, it would not work until I removed the last one and re-added it.
    Using your script, I haven't had to delete any old certs ... yet.
  6. #546  
    Me too. I got the impression they were overwriting.
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  7. #547  
    They are overwritten in the sslcerts directory by my script, but not in the certificate manager or the directory it copies the cert file too.
  8. #548  
    Quote Originally Posted by Grabber5.0 View Post
    How are you syncing your calendar? There are only two ways to sync google calendar to webOS: frantid's google oauth pach, which also updates the calendar to the latest api, or garfonso's c+dav connector.
    I use garfonso's c+dav connector which was ok so far...

    And just now, it sync'd right! So no more problem.
    Last edited by abcama; 09/05/2015 at 07:23 AM. Reason: Problem solved 15 sec after I sent my message.
  9. #549  
    Quote Originally Posted by Preemptive View Post
    See above: This post



    The device info app is in the settings tab of your app launcher - or just type, 'device' in the universal search bar. On any app you should see a tab in the top left of the screen containing the app's name and a down-pointing arrow. Swipe your finger down over this to see a menu. Tap on 'certificate manager'. In the card that opens, tap the 'rosette'-like button at the bottom left to add new certificates to the approved list.
    ...when I try to add the two .pem files, I get 'Invalid Certificate' with the message--

    'The file googlesmtp.pem cannot be opened because it is not a valid security certificate file format.'

    I'll retrace my steps...

    Never mind--seemed to work now. Perfectly!

    Will report back...

    ...still love webOS.
    Last edited by josephandrews222; 09/05/2015 at 07:43 AM.
  10. #550  
    I can't speak for others, but on my Touchpad, I've found that deleting all the older pervious certs...FIRST...and then adding the newest cert has always worked. And of course the new cert has to be trusted...a standard procedure.
    As Grabber5.0 has previously stated, the older certs no longer apply, so just delete them.
  11. #551  
    Update: I decided to give Grabber5.0's .ipk that he posted, a try. I used WOSQI and the laptop USB cable to perform all the steps. I printed out an elaborate set of instructions (32 individual steps) to accomplish this. The bottom line is that everything worked out perfectly. When I open the Certificate Manager, I now see three new certs.

    1. googleimap.pem 9/5/15 1.57K
    2. googleimap7.pem 9/2/15 1.57K (currently trusted & in use, previously installed)
    3. googlesmtp.pem 9/5/15 1.57K

    Number 1 and 2 are identical...just with different names.

    I also discovered that the ipk file now resides in my Touchpad, in the "certificates" folder, so now I can run it in the future on the TP without using WOSQI and laptop. This is better than I had imagined.

    And allow me to say a BIG, BIG, THANK YOU to Grabber5.0...a true genius with this stuff. He's guiding the WebOS ship through uncharted waters.
    Last edited by Jeff Marshall7; 09/06/2015 at 08:01 AM.
  12. #552  
    I've been thinking about all the recent google cert updates, and I ask...but why? Just my curious nature. I then realized that the imap.gmail.com sever is the last server in the chain of 3 for google, and this is the server that it working with millions of email requests every day. Most likely, this is a group of email severs at different locations that address the non stop sending and receiving of gmail. So, vulnerability becomes the issue. The bigger the target, the easier it is to hit. And unfortunately, there are a lot of very bright people on the Internet with nefarious motivation in mind. And so Google (actually all the big guns..MS, Apple, etc) have their work cut out for them. It could even be called job security. The actual creation of any secure certificate is a complex formidable task. I'm in the process of learning the details, and it is really mind blowing. The best crypto guys in the business are the foundation of secure certificates. A fascinating subject!
    Last edited by Jeff Marshall7; 09/05/2015 at 07:08 PM.
  13. #553  
    Quote Originally Posted by Jeff Marshall7 View Post
    So, vulnerability becomes the issue.
    I just assumed it was because Google wants to screw anyone who doesn't use Android or Chrome.

    My brand new certs from Grabber were working this afternoon, now this evening, they are not.
  14. #554  
    I was doing some checking and noticed something a bit strange (at least to me). On my Touchpad, when I look at the details of the security certificates, it shows 3 certs. GeoTrust Gobal Ca, Google Internet Authority G2, and finally, imap.gmail.com with an expire date of Nov.23, 2015 and serial no: 6EACFA2B217C744.

    When I check my gmail screen on my laptop, I see the same 3 certs, EXCEPT the last cert is mail.google.com with a different serial number, but has the SAME expire date. It seems there are two different servers and yet my email messages are identical on the Touchpad and the laptop. Perhaps it's actually the same server but with different names and protocols? Does anyone know more about this?
  15. #555  
    Ok some mildly good news. Google Cert Grabber 0.5 (it will take a few iterations to get to version 5.0 ) has been created and tested on my Pre2 with success. I'm going to refine it a bit and have a couple others test it before I release it into the wild. It took a while to put together all of the pieces to extend my basic service demo app to use Jason's homebrew service enabler (root access). The initial version probably doesn't even need root access, but if I get it to the point of installing the certs automatically, it's going to need root. The first public version will simply open the cert manager for you if the certs are successfully downloaded.
  16. #556  
    Quote Originally Posted by Jeff Marshall7 View Post
    I was doing some checking and noticed something a bit strange (at least to me). On my Touchpad, when I look at the details of the security certificates, it shows 3 certs. GeoTrust Gobal Ca, Google Internet Authority G2, and finally, imap.gmail.com with an expire date of Nov.23, 2015 and serial no: 6EACFA2B217C744.

    When I check my gmail screen on my laptop, I see the same 3 certs, EXCEPT the last cert is mail.google.com with a different serial number, but has the SAME expire date. It seems there are two different servers and yet my email messages are identical on the Touchpad and the laptop. Perhaps it's actually the same server but with different names and protocols? Does anyone know more about this?
    This is because when you check gmail in your browser, it is using a webapp at mail.google.com, which is not the same as imap.gmail.com, which is used by imap mail clients. It's no surprise the expire date is the same, as they are likely updating them all regularly, but the serial no (has code) is going to be different because it's a different cert.

    The GeoTrust and Google Internet Authority have not been updated to use the new SHA-256 encoding, so they are of no real significance at this point. The reason they are the same for both imap.gmail.com and mail.google.com is that they are the intermediate and root certificates that all of Google's endpoint certificates are signed with.
    Jeff Marshall7 likes this.
  17. #557  
    Quote Originally Posted by Grabber5.0 View Post
    This is because when you check gmail in your browser, it is using a webapp at mail.google.com, which is not the same as imap.gmail.com, which is used by imap mail clients. It's no surprise the expire date is the same, as they are likely updating them all regularly, but the serial no (has code) is going to be different because it's a different cert.

    The GeoTrust and Google Internet Authority have not been updated to use the new SHA-256 encoding, so they are of no real significance at this point. The reason they are the same for both imap.gmail.com and mail.google.com is that they are the intermediate and root certificates that all of Google's endpoint certificates are signed with.
    So then, the web gmail never gets the yellow triangles...meaning that it is auto updating the new certs, without any kind of input from the end user. But the imap gmail needs end user updating.
  18. #558  
    Quote Originally Posted by Jeff Marshall7 View Post
    So then, the web gmail never gets the yellow triangles...meaning that it is auto updating the new certs, without any kind of input from the end user. But the imap gmail needs end user updating.

    It's not the browser is updating anything, it just recognizes the certificate as valid, but for some reason, the email client does not, unless you manually trust it outside the app.
  19. #559  
    Quote Originally Posted by Jeff Marshall7 View Post
    So then, the web gmail never gets the yellow triangles...meaning that it is auto updating the new certs, without any kind of input from the end user. But the imap gmail needs end user updating.
    Unfortunately, one way or another, this IS a legacy webOS problem. It remains unclear, but is either:
    • A fault in the version of OpenSSL - Solution: replace this module (not as easy as it sounds - it's built in to the OS).
    • A failure of webOS to request the SHA256 function - Solution: Patch webOS (requires being able to read the source code, proprietary or not. Might be possible for a skilled programmer.)
    • An actual bug in invoking or passing the data correctly to OpenSSL or in the general approval process. - Solution: Patch webOS.

    The fact that SHA256 certificates appear to work in the browser is actually good news as it implies the basic functionality is there, suggesting the fault is in the email app. I think it's been stated that the email app code is readable, perhaps even open source. So for someone who has the skill to understand and fix that code, a solution may be possible, but that it was apparently not noticed or fixed by Palm through all released versions of webOS is not encouraging.

    webOS never had a large user-base and the enthusiasm came from those impressed by the UI and the ease with which webOS could be hacked/fixed. It is becoming increasingly like an old car held together with duct tape - the expense of a proper fix exceeds the cost of a new car. In our case, the cost is developer time - better spent on LuneOS. We remain fortunate that Grabber5.0 is developing ever better duct tape!

    It is only the frequency of Google's changes that are highlighting this problem and in fact driving the development of the Grabber app. This is good, because the issue is not confined to Google, and more and more services will be moving to these certificates over the next few months (there is a deadline to deprecate ALL older type certificates).

    I'll just humbly repeat my suggestion that compared to the effort Grabber5.0 is making to increase the ease of use by enabling root access, the effort of adding user input should be fairly easy. Hopefully, by version 5.0 it will not just be a Google Cert Grabber, but a Universal one.
  20. #560  
    I'll just humbly repeat my suggestion that compared to the effort Grabber5.0 is making to increase the ease of use by enabling root access, the effort of adding user input should be fairly easy. Hopefully, by version 5.0 it will not just be a Google Cert Grabber, but a Universal one.

    I fully agree. I don't want to sound like I'm complaining...that's not my intention. I'm just trying to learn more about the true nature of these certificates. I'm just learning the basics. The actual process of generating a SHA256 function is far more complicated than anything I can comprehend. And of course, I do fully support the time consumed and mental dexterity provided by Grabber5.0.

    As you can see, I tried to quote part of your previous post, and it appears here...but does not show up as a quote. I'm doing something wrong. I'm still new in this forum...learning as I go along.
    Last edited by Jeff Marshall7; 09/06/2015 at 05:07 PM.

Similar Threads

  1. Replies: 23
    Last Post: 09/04/2015, 11:51 AM
  2. "Requested encryption not supported by server"
    By freebirds in forum webOS Tips, Info & Resources
    Replies: 14
    Last Post: 02/28/2015, 07:33 AM
  3. Replies: 3
    Last Post: 11/10/2014, 04:31 AM
  4. CM9 Encryption Unsuccessful Touchpad Error
    By JackisBack in forum Android on webOS
    Replies: 6
    Last Post: 08/04/2012, 11:51 AM
  5. Can not access 128 encryption server (sercurity) error code 18
    By quedawg in forum Palm OS Devices & Apps
    Replies: 0
    Last Post: 02/06/2005, 02:16 PM

Posting Permissions