Results 1 to 5 of 5
  1. leonidm's Avatar
    Posts
    189 Posts
    Global Posts
    191 Global Posts
       #1  
    Hi,
    I'm trying to move from old versamial to the new one, and got the SSL error trying to sync. the SSL certificate is valid on the PC so it's probably just not in palm certificate database. I've tried to follow instruction
    http://www.palm.com/us/support/downl...rtmodtool.html
    to use Certificate Modification Tool but , but I must be doing something wrong as it still doesn't work.
    the server is echange.kronos.com
    the certification path looks like this:
    VeriSign Class 3 Public Primary CA
    Thawte SGC CA
    exchange.kronos.com

    I manually installed the cetificate from IE page above - by default it is going to personal store, I also tried to force it to go to Trusted certificate store. Then used the palm tool to create certificate database and move it to treo - both blazer and versamail still complain about SSL validity
    I'm VERY end user so I don't have access to the server side
    Any help will be greatly appreciated.
  2. #2  
    We are going through the same thing with a couple windows mobile devices. Supposedly on WM, you just copy the .cer/.crt file (or rename them to a .der file) off the exchange server to the device, execute them on the device, and viola! But we have so far been unsuccessful.

    I will be looking into the Palm side of things this week and I'll let you know if I figure it out. In any case, any helpful hints would be appreciated on the Palm side (or WM) of things!

    Sprint Pre & Motorola H300 BT headset

    Dead devices: Palm Pro; Palm III; Treo 600, 650, 700p, 755p; Centro
    Yes, I finally updated my tagline!
  3. leonidm's Avatar
    Posts
    189 Posts
    Global Posts
    191 Global Posts
       #3  
    Thank you, in palm's case it's not that easy - palm comes with prebuild pdb database (CertMgrDB ) that has limited number of trusted authorities there.
    If your's is not there you can use their Certificate Modification Tool on a windows machine to export desired certificates to one pdb and place it to RAM. This unfortunately did not work for me - webbrowser and versamail, still complain about the certificate.
    I also found in another place (http://wiki.zimbra.com/index.php?title=Palm_Treo_680) reference to SSL Chain Saver Utility, that apparently allows you to extract certificate directly from the server.
    https://hdc.tamu.edu/reference/docum...section_id=860

    for me it came back that the server has a chain of certificates:
    Chain contained 3 certificates
    Needed 2 certs from the server but got 1
    You must install the intermediate certs onto the device.

    Cert 2. Issued to: exchange.kronos.com
    Cert 1. Issued to: Thawte SGC CA
    Cert 0. Issued to: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

    Certificate XML created. Use "rapiconfig exchange.kronos.com.xml" to add the certs to a connected device or create a CAB file.

    It also created 3 cer files - i haven't tried to use them yet.
  4. leonidm's Avatar
    Posts
    189 Posts
    Global Posts
    191 Global Posts
       #4  
    I'm glad to confirm that the "SSL Chain Saver Utility" method of obtaining the certificate(s) to be exported to PALM worked! (compared to the one described on the PALM's Certificate Modification Tool page)
    So to make it short and simple:
    1)download the SslChainSaver.exe
    2)from command line run:
    SslChainSaver.exe your.owa.server.name
    you'l end up with folder called "your.owa.server.name" , which will contain one or more certificates that your server uses and your palm needs to trust.
    3) use PALM's Certificate Modification Tool to export ALL of the certificates in that folder in to one PDB file
    4) use instructions on the PALM's Certificate Modification Tool page (or just Resco explorer in "Safe mode" in my case) to move PDB to RAM.
    5)reset your TREO
    6) verify that you can access your OWA page from blazer without SSL warning, if you can you are all set, go to versamail and configure your account
  5. #5  
    Cool! Will try it out and see if it works!

    Sprint Pre & Motorola H300 BT headset

    Dead devices: Palm Pro; Palm III; Treo 600, 650, 700p, 755p; Centro
    Yes, I finally updated my tagline!

Posting Permissions