Page 1 of 2 12 LastLast
Results 1 to 20 of 40
Like Tree14Likes
  1.    #1  
    I mentioned in an earlier post (google error: requested encryption not supported by server) that my certificate manager was reacting weirdly (read: it wasn't doing anything at all).

    Since then I've looked into the code of the certificate manager a bit, and used ares-debug to figure out where things go wrong, and it turns out, that whenever palm://com.palm.certificatemanager was called, no response event would occur (neither an onSuccess nor an onFailure). I created a quick enyo app (the certificate manager is written in mojo, with which I have little experience) containing only a button an a service-call just to check whether the same occurs it in a simpler (controlled) environment, and there too I get to response (neither onResponse, onSuccess, or onFailure is called).

    In Lumberjack I saw that the underlying service (PmCertificateMgrService) does spit out plenty of stuff, so I can assume that the actual service is running. I get a huge list containing stuff like:
    Code:
    [2015-07-27 21:30:48] (PmCertificateMgrService) user.info: 1sub_str
    [2015-07-27 21:30:48] (PmCertificateMgrService) user.info: 2 sub_str: *.sndcdn.com,sndcdn.com, space_taken:12 space_left:102
    [2015-07-27 21:30:48] (PmCertificateMgrService) user.info: all common name: GlobalSign Domain Validation CA - SHA256 - G2
    [2015-07-27 21:30:48] (PmCertificateMgrService) user.info: all common name: GlobalSign nv-sa
    Despite the fact that Lumberjack implied that the service was running and being called, I checked whether com.palm.certificatemanager was in the right place (/usr/share/ls2/roles/prv/com.palm.certificatemanager.json and usr/share/dbus-1/system-services/com.palm.certificatemanager.service) and whether they looked the same as in the webOS doctor...and they did:
    Code:
    {
        "role": {
            "exeName":"/usr/bin/PmCertificateMgrService",
            "type": "regular",
            "allowedNames": ["com.palm.certificatemanager"]
        },
        "permissions": [
            {
                "service":"com.palm.certificatemanager",
                "inbound":["*"],
                "outbound":["*"]
            }
        ]
    }
    Code:
    [D-BUS Service]
    Name=com.palm.certificatemanager
    Exec=/usr/bin/PmCertificateMgrService
    Type=dynamic
    I then decided to check the output through luna-send which resulted in a nice error claiming that the service does not exist

    Code:
    >novacom -t open tty://
    root@TouchPad:/# luna-send -P -i palm://com.palm.certificatemanager/listcertificates '{"subscribe":true}'
    
    {"returnValue":false,"errorCode":-1,"errorText":"Service does not exist: com.palm.certificatemanager."}
    I checked a few other services like location and connection but they both work as expected giving me a nice corresponding output.

    So yeah, I'm kinda running into a roadblock here, and I really don't want to doctor my touchpad at the moment (and read up on bypassing the activation). So if anyone has any ideas as to what's happening and - more importantly - how I can fix it, any help is highly appreciated.


    ps. webOS wasn't to happy with me playing around with the certificate manager and lumberjack as it kept resulting in 'too many cards' even though these were the only two applications running (after a fresh full-reboot). When testing this I had to restart my - usually very stable - device almost every half hour due to this. Oh well...

    pps. on a sidenote, because all this made me curious. Since the certificate manager is written in mojo, how does luneOS manage the certificates? - Does it have an enyo equivalent, or are you handling it in a completely different way.
    TJs11thPre likes this.
  2. #2  
    I had exactly the same issue with gmail, but luckily found guide how to manually install certificates on webOS(in russian though, see Добавление "непонравившихся" сертификатов вручную). Thanks a lot to Compvir for this.
    In brief:
    All commands should be executed in the device shell.
    1. Navigate to the directory containing certificates.
    Code:
    cd /media/internal/downloads
    2. Get hashes for every certificate with:
    Code:
    openssl x509 -noout -hash -in gmail1.pem
    replace gmail1.pem with each of your certificates.
    For me resulted hashes are: 64d5dbd5, d76c6500, 7999be0d

    3. Copy certificates to /var/ssl/certs
    Code:
    cp *.pem /var/ssl/certs/

    4. Make symbolic link to each certificate with name <certificate hash>.0 (or .1 ... if you already have such files in /var/ssl/certs).
    Code:
    cd /var/ssl/certs
    ls
    ln -s /var/ssl/certs/gmail1.pem 64d5dbd5.0 
    ln -s /var/ssl/certs/gmail2.pem d76c6500.0
    ln -s /var/ssl/certs/gmail3.pem 7999be0d.0
    That's all. I can confirm this works.
    Misj' likes this.
  3.    #3  
    Quote Originally Posted by NIN_ru View Post
    That's all. I can confirm this works.
    Cheers! - I checked it with two accounts (I removed the certificate for one of my email accounts just to test this), and indeed, it works great! - It might not solve the problem with the certificate manager, but it makes it irrelevant (at least for now), which is good enough for me

    Thank you so much for your help!
  4. #4  
    Quote Originally Posted by NIN_ru View Post
    I had exactly the same issue with gmail, but luckily found guide how to manually install certificates on webOS(in russian though, see Добавление "непонравившихся" сертификатов вручную). Thanks a lot to Compvir for this.
    In brief:
    All commands should be executed in the device shell.
    1. Navigate to the directory containing certificates.
    Code:
    cd /media/internal/downloads
    2. Get hashes for every certificate with:
    Code:
    openssl x509 -noout -hash -in gmail1.pem
    replace gmail1.pem with each of your certificates.
    For me resulted hashes are: 64d5dbd5, d76c6500, 7999be0d

    3. Copy certificates to /var/ssl/certs
    Code:
    cp *.pem /var/ssl/certs/

    4. Make symbolic link to each certificate with name <certificate hash>.0 (or .1 ... if you already have such files in /var/ssl/certs).
    Code:
    cd /var/ssl/certs
    ls
    ln -s /var/ssl/certs/gmail1.pem 64d5dbd5.0 
    ln -s /var/ssl/certs/gmail2.pem d76c6500.0
    ln -s /var/ssl/certs/gmail3.pem 7999be0d.0
    That's all. I can confirm this works.
    Interesting.. Thanks for the info on the symlink being the hash for the cert. Looking at that directory on my Pre3, it looks like that must be where webOS copies certs when you trust them. When the bundled GlobalSign root certs expired, we found them in /etc/ssl/certs/trustedcerts and replaced them there.
  5. #5  
    Ugh. I hoped this would work with webOS 1.4.5, because I found the same folder exists there, but it doesn't work. That is indeed where the cert manager copies the certs to and generates the symlimks for you when you trust a certificate when prompted, but regardless of which way I did it, I still get the error "The server's security certificate is invalid" when I try to log in. The OpenSSL command-line doesn't seem to have a problem with the certs, but they don't work in email or contacts.
  6. #6  
    Since i doctored my palm pre 1.4.5 recently, it seems the cert manager is working. I can see the three *.0 files mentioned above (linked to google*.pem files) already in /var/ssl/certs directory. This implies my cert manager is working.

    But still Gmail has the ssl cert error problem. WTF.

    FYI: smtp.mail.yahoo.com:465 is using SHA256 encryption now. palm.smtp.mail.yahoo.com:465 is still using SHA1. Yet I can get outgoing mail working on Yahoo.

    Can we use POP3 mail for Google?
    Sent via HP TouchPad using Forums
  7. #7  
    I haven't tried pop3. I don't need email that bad.
  8. #8  
    Will replacing openssl from touchpad to palm pre help? I don't know where the issue is. Is it in the openssl version on palm pre or in the webos version 1.4.5 that sha256 is not working? We must have some one in the forum that has an expertise in this area. email is the basic thing i need on the device...
    Sent via HP TouchPad using Forums
  9. #9  
    Quote Originally Posted by NIN_ru View Post
    I had exactly the same issue with gmail, but luckily found guide how to manually install certificates on webOS(in russian though, see Добавление "непонравившихся" сертификатов вручную). Thanks a lot to Compvir for this.
    In brief:
    All commands should be executed in the device shell.
    1. Navigate to the directory containing certificates.
    Code:
    cd /media/internal/downloads
    2. Get hashes for every certificate with:
    Code:
    openssl x509 -noout -hash -in gmail1.pem
    replace gmail1.pem with each of your certificates.
    For me resulted hashes are: 64d5dbd5, d76c6500, 7999be0d

    3. Copy certificates to /var/ssl/certs
    Code:
    cp *.pem /var/ssl/certs/

    4. Make symbolic link to each certificate with name <certificate hash>.0 (or .1 ... if you already have such files in /var/ssl/certs).
    Code:
    cd /var/ssl/certs
    ls
    ln -s /var/ssl/certs/gmail1.pem 64d5dbd5.0 
    ln -s /var/ssl/certs/gmail2.pem d76c6500.0
    ln -s /var/ssl/certs/gmail3.pem 7999be0d.0
    That's all. I can confirm this works.
    I want to try this as I still have no gmail on the Pre2. Is this done on device? Do I use xterm or wterm or xecutah? Or is this with WOSQI and a USB connection?
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  10. #10  
    Quote Originally Posted by TJs11thPre View Post
    I want to try this as I still have no gmail on the Pre2. Is this done on device? Do I use xterm or wterm or xecutah? Or is this with WOSQI and a USB connection?
    WOSQI ---> Linux Command line. Connect the device to the computer and select just charge. Make sure device is in developer mode.
    Sent via HP TouchPad using Forums
  11.    #11  
    Quote Originally Posted by palmpre06062009 View Post
    WOSQI ---> Linux Command line. Connect the device to the computer and select just charge. Make sure device is in developer mode.
    I simply used the command:
    Code:
    novacom -t open tty://
    in the commandline in windows (novacom has to be installed of course for this to work). The rest is the same as in the comment above, but without having to go 'through' WOSQI.

    I haven't tried any on-device terminals, but that might work as well.
  12. #12  
    Quote Originally Posted by Misj' View Post
    I simply used the command:
    Code:
    novacom -t open tty://
    in the commandline in windows (novacom has to be installed of course for this to work). The rest is the same as in the comment above, but without having to go 'through' WOSQI.

    I haven't tried any on-device terminals, but that might work as well.
    You must use it a lot to remember the syntax correctly. I can never remember, so finally I created a batch file with the command in it so I can just type 'novaterm'. I'm all about efficiency. I prefer to use putty, but the port is blocked by my work laptop's security software - at least think that's why it doesn't work - so I can only use it on my home machines. It's mandatory for editing files directly on the device. It requires running a batch file from the Palm PDK one time on each device, and properly configuring a putty session for the right port.
  13.    #13  
    Quote Originally Posted by Grabber5.0 View Post
    You must use it a lot to remember the syntax correctly. I can never remember, so finally I created a batch file with the command in it so I can just type 'novaterm'. I'm all about efficiency.
    When I backed up parts of the developer.palm-site I had it bookmarked on my computer. So it was easy to find (plus I added it to this thread for easy future reference )
  14. #14  
    i'm about to try this install method by NIN.

    first problem: he's talking about gmail.pem but the zip i downloaded has 3 google.pems. not gmail. is this the right versions??

    i'm going to try to get these hash codes. do i type it exactly as he did or do i put google1.pem instead?

    EDIT: ok i took a stab, followed instructions as listed above. i used google1.pem instead of gmail1.pem

    got the same values, typed the cp *, ls, and ln commands. nothing happened.

    went into cert mgr, trusted new certs. nothing happened.


    my /var/ssl/certs folder has 1D.pem, 1E.pem, 1F.pem, 2.pem, the 3 hashcodes listed above, each with .0, and the three google.pems. IS THIS RIGHT?

    i've trusted everything twice. i dont understand why this account wont validate on this device but does on my Tpad. why?????
    Last edited by TJs11thPre; 08/02/2015 at 10:36 AM.
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  15. #15  
    Quote Originally Posted by TJs11thPre View Post
    i'm about to try this install method by NIN.

    first problem: he's talking about gmail.pem but the zip i downloaded has 3 google.pems. not gmail. is this the right versions??

    i'm going to try to get these hash codes. do i type it exactly as he did or do i put google1.pem instead?

    You have to use the file names from the zip. That's just how I named them, for right or wrong. The only time I have used this method is when the certificate manager couldn't handle the cert. If it doesn't work there, it likely won't work this way, but I'm interested to hear your results. Just make sure to remove them from the certificates manager if you load them this way.
  16. #16  
    aha! i found something.

    the 3 hashcodes, with their .0 ending, are also listed in the /var/ssl/cert/trustedcerts folder. their info shows symlink to /etc/ssl/certs/trustedcerts/geotrustglobal1.pem and were LAST MODIFIED IN 2011.

    question: is there conflict between these two different locations? what is the difference between /etc/ssl/ and /var/ssl?

    should i be deleting anything, or making things with ".1" ending because the older ".0" are here?
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  17. #17  
    Don't delete anything from there manually unless you are certain it shouldn't be there. The difference is the one from these instructions is for user-added cents and the other is where the pre-installed cents are.
  18. #18  
    i am definitely confused. but i'm suspecting that i should make my new hashcodes using the ".1" if the originals are in the other folder with .0s. i'm going to try that. i'm available to try anything you'd like me to test, if you have any ideas.

    edit: nope that didn't help either.

    can i use windows to copy whole folders directly from tpad to phone? i can't just do that can i. argh.

    what happens if i just wipe every folder clean and start over? will that bork my phone? i'm about ready to 'clean them' with a hammer.
    Last edited by TJs11thPre; 08/02/2015 at 11:08 AM.
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  19. #19  
    Definitely don't just wipe them. If you get rid of the google internet authority, geotrust, and imap.google.com certs from cert manager, they'll disappear from that folder along witg the symlinks.
  20. #20  
    now i know i've found something...

    im just looking at the two folders /var/ssl/certs on each device. i'm seeing variations. example:

    tpad and phone both have 64d5dbd5.0 and 5.1. but when i try to open 5.1 on the phone, it says it's an invalid cert. when i open it on the tpad, i says "file 14.pem is a security cert...imap.gmail.com expires 10/20

    THIS HAS TO BE MY CONFLICT. what do i do to fix this?

    edit: cannot duplicate this "invalid cert" msg. now when i open it says "file google1.pem is a sec cert. ...imap.gmail etc. idk why it said invalid before but not now. mail still doesn't work. settings still wont validate incoming mail server settings.
    Last edited by TJs11thPre; 08/02/2015 at 11:54 AM.
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
Page 1 of 2 12 LastLast

Similar Threads

  1. server's security certificate is not a trusted certificate
    By cswilliams30 in forum webOS Synergy and Synchronization
    Replies: 8
    Last Post: 02/28/2014, 01:48 AM
  2. Software Manager Broken
    By AndrewP in forum Palm Pre 2
    Replies: 5
    Last Post: 03/17/2011, 08:29 AM
  3. Certificate Manager broken - no Exchange sync
    By Jost in forum webOS Synergy and Synchronization
    Replies: 0
    Last Post: 10/06/2010, 02:08 PM
  4. Certificate Manager issue
    By Jmark61 in forum webOS Synergy and Synchronization
    Replies: 0
    Last Post: 12/16/2009, 04:40 PM
  5. Palm Pre Certificate Manager Date/Time
    By gkpurcey in forum Palm Pre and Pre Plus
    Replies: 2
    Last Post: 06/08/2009, 07:56 AM

Posting Permissions