Page 8 of 12 FirstFirst ... 3456789101112 LastLast
Results 141 to 160 of 235
Like Tree86Likes
  1. #141  
    Quote Originally Posted by DMeister View Post
    It worked for me!

    1) Go to https://s.outlook.com (it seems working even with https://m.hotmail.com )
    2) When prompted, Trust Certificate
    3) Go on Email and sync the email accounts and all will properly sync again (additionally you can do a reboot - just to be sure, but it wasn't required to my Pre3 and TouchPad)

    Easy and clean after all!

    Thanks guys! Especially Jerry!
    this worked the first time but it is not working now. I thought this was resolved and the problem returned today. When I click on this now, it does not show the "trust certificate" prompt. Does anyone have a new solution? thanks
    Last edited by HelloNNNewman; 02/17/2014 at 07:07 PM. Reason: removed incorrect formatting
  2. #142  
    Anyone else now having trouble with their Yahoo email? My Sprint Palm Pre has not updated the Yahoo incoming emails since the Feb. 16th. I can still send Yahoo emails, but suddenly it will not receive.The phone is set to:

    Incoming mail server

    Incoming server: palm.imap.mail.yahoo.com

    Port: 993

    Encryption: SSL

    Outgoing mail server

    Outgoing server: palm.smtp.mail.yahoo.com

    Use Authentication: On

    Port: 465

    Encryption: SSL


    Thank you for any help, and thank you for the help with fixing my Hotmail email.

    http://forums.webosnation.com/webos-...ml#post3413466
  3. #143  
    Is it giving you the yellow exclamation point, and displaying a 1299 error when you tap on it? If so, see this article: Workaround to fix the Yahoo email 1299 Error | webOS Nation

    On some of my phones, the only way my Yahoo account can receive is to set it up as a regular IMAP account instead of a Yahoo account as detailed in that article. The contact and calendar parts of the Yahoo type account work fine, but it cannot receive mail. This has been an issue for some phones/accounts for quite a while.
  4. #144  
    Thank you Matt !! That fixed it.
    Grabber5.0 likes this.
  5.    #145  
    Quote Originally Posted by Grabber5.0 View Post
    It does appear that the root certificate has been modified, and based on the error, I wonder if it is invalid. I got the same error the other day but didn't have time to look into it.
    Ok, I think I figured out the problem. Yes, GlobalSign changed the format of the certificate. I think you also mistyped the options for the openssl command. The following lines in your script:

    echo Generating .pem format files for certificates
    openssl x509 -inform DES -in Root-R1.crt -out GlobalSign.pem -text
    openssl x509 -inform DES -in gsorganizationvalg2.crt -out GlobalSignOrgValid_Interm.pem -text

    Should be changed to:

    echo Generating .pem format files for certificates
    openssl x509 -inform PEM -in Root-R1.crt -out GlobalSign.pem -text
    openssl x509 -inform DER -in gsorganizationvalg2.crt -out GlobalSignOrgValid_Interm.pem -text

    I tried this on my Pre3 and it seemed to work and allowed me to link a new Outlook account.

    One thing I noticed that did not match your previous instructions was that I had to go to the Certificate Manager and "trust" the newly loaded certificates.

    Nice touch in your script in not creating the backup files more than once. The second time I ran the script on my Pre 3, I had a mild panic as in "Oh sh*t. I just overwrote my backup certificates ". I looked at the file list and saw the dates on the backup files didn't change. Huh? Then I saw in your script you checked for overwriting the backups. Whew, I was worried for a moment.
    normsland likes this.
  6. #146  
    Quote Originally Posted by kwarner View Post
    Ok, I think I figured out the problem. Yes, GlobalSign changed the format of the certificate. I think you also mistyped the options for the openssl command. The following lines in your script:

    echo Generating .pem format files for certificates
    openssl x509 -inform DES -in Root-R1.crt -out GlobalSign.pem -text
    openssl x509 -inform DES -in gsorganizationvalg2.crt -out GlobalSignOrgValid_Interm.pem -text

    Should be changed to:

    echo Generating .pem format files for certificates
    openssl x509 -inform PEM -in Root-R1.crt -out GlobalSign.pem -text
    openssl x509 -inform DER -in gsorganizationvalg2.crt -out GlobalSignOrgValid_Interm.pem -text

    I tried this on my Pre3 and it seemed to work and allowed me to link a new Outlook account.

    One thing I noticed that did not match your previous instructions was that I had to go to the Certificate Manager and "trust" the newly loaded certificates.

    Nice touch in your script in not creating the backup files more than once. The second time I ran the script on my Pre 3, I had a mild panic as in "Oh sh*t. I just overwrote my backup certificates ". I looked at the file list and saw the dates on the backup files didn't change. Huh? Then I saw in your script you checked for overwriting the backups. Whew, I was worried for a moment.
    Thanks for the tip on converting the updated root certificate. I have pretty limited knowledge of SSL certificates, so I got those commands probably from a Google search. I wonder why they changed the format.. You should not have had to trust the new certs on your Pre3 however - I wonder if it's because you changed the option for converting the second cert. The point of the script was so you would not have to trust any certs manually (though that does not work on 1.x devices because the cert store is different). I tested the script this morning on a freshly doctored 2.1 only changing the value for the root certificate, and was able to add my hotmail account as before without having to trust the certs.

    Oh, and you know why that check for the backups is in the script, right? After tweaking the script numerous times, I realized I had overwritten the backups.
    Last edited by Grabber5.0; 02/23/2014 at 10:47 AM.
  7.    #147  
    Since we've been looking at the GlobalSign site, they've been messing with their web page with the root certificates. I remember the first time I pressed the "Download" button on the support page, I got a text display of the certificate in my browser. Coming back a few days later, the Download button now tries to install the certificate in my browser. Today I've notice they've sorted their certificates and you now need to click through two pages to get to the root certificates.

    You're probably right about not having to accept the certificates. I may have fooled myself. When I went to the Certificate Manager and pressed the + button, I saw the two GlobalSign certificates, waiting to be accepted. Oddly, the certificates had a .crt extension. So I accepted them. I re-ran the script on a Pre 2 and this time didn't accept the waiting certificates and was still able to add an Outlook account.
  8. #148  
    Quote Originally Posted by kwarner View Post
    Since we've been looking at the GlobalSign site, they've been messing with their web page with the root certificates. I remember the first time I pressed the "Download" button on the support page, I got a text display of the certificate in my browser. Coming back a few days later, the Download button now tries to install the certificate in my browser. Today I've notice they've sorted their certificates and you now need to click through two pages to get to the root certificates.

    You're probably right about not having to accept the certificates. I may have fooled myself. When I went to the Certificate Manager and pressed the + button, I saw the two GlobalSign certificates, waiting to be accepted. Oddly, the certificates had a .crt extension. So I accepted them. I re-ran the script on a Pre 2 and this time didn't accept the waiting certificates and was still able to add an Outlook account.
    Why do they have to keep jacking with stuff? Don't they I'm trying to automate a fix for people?

    I should probably change the script to delete or remove the .crt files when it's done. I never did it while I was working on it because I was running it repeatedly while tweaking. Removing them will avoid that confusion.
    Last edited by Grabber5.0; 03/02/2014 at 10:55 AM.
  9. normsland's Avatar
    Posts
    31 Posts
    Global Posts
    33 Global Posts
    #149  
    Hi Matt

    Thanks for the script! I too had to change the lines to..
    Code:
    openssl x509 -inform PEM -in Root-R1.crt -out GlobalSign.pem -text
    openssl x509 -inform DER -in gsorganizationvalg2.crt -out GlobalSignOrgValid_Interm.pem -text
    Ran the script today and worked fine. Anyway we can get this on preware to help everyone else out? ;-)

    Thanks again, Norm
  10. #150  
    You're welcome. Sorry I keep forgetting to upload the new version of this script with those changes in it.. Glad you got it to work.

    I do want to package it for Preware, but I'm not sure how. It requires reading..

    Edit: I updated the script on my website with the changes for the new root certificate. Link and instructions are here: http://forums.webosnation.com/webos-...ml#post3413122
    Last edited by Grabber5.0; 03/02/2014 at 11:50 AM.
    ananimus likes this.
  11. #151  
    I have a bit of success to report: I successfully built and installed a package using Jason's IPK packager that runs my script and it installed the updated scripts in the emulator. I the tried to remove it, but it errored out on the pre-remove script that restores the expired certs. It did successfully restore them, but it errored out on re-mounting the filesystem (the log isn't detailed enough, but since it did get through the restore step, i'd say it was when re-mounting it read-only. Both scripts do the same thing, so I can't understand why the install script didn't report an error, but the remove did.. maybe it is an emulator fluke?

    I'm asking myself if I should even bother with a remove script though. Thoughts?

    My other thought is that since browsers can legally include these certificates, would it be legal to just include them directly in the package instead of having it download them?
    Last edited by Grabber5.0; 03/02/2014 at 03:30 PM.
  12. #152  
    For what it's worth, I fixed the remove script. That or it was a fluke. I compared the install and remove and the only difference is in the remove the remount was the last thing in the script, but in the install there was an echo statement after it.. I added an echo statement and an exit 0 at the end, and was able to successfully install and remove it on two devices running 2.1, and a Pre2 running 2.2.4. Now I need to see if I have a running 1.4.5 device around here to install them on, to make sure the generated .pem files stick around so you can add them in the certificate manager. (sure would be nice if there was a luna-send command you could issue from a script to do that..)

    On 1.4.5, it is best to install via WOSQI, as it will pop up a big message box with the script output in it, indicating you can proceed with installing the new certificates via the Certificate Manager. One of the last lines says 'This is not an error if you are on a webOS 1.x device.', so don't panic.

    See post #105 for the IPK link. [Solved] Microsoft Outlook Certificate Expired
    Last edited by Grabber5.0; 01/08/2015 at 06:44 PM.
    DamionMilliken, Rnp and Sanjay like this.
  13.    #153  
    My other thought is that since browsers can legally include these certificates, would it be legal to just include them directly in the package instead of having it download them?
    That's an interesting question. Maybe this should be taken to the homebrew forum?

    Including the certificates leaves open the possibility of clone versions of your updater installing fake certificates. Sign your updater with an existing certificate maybe? But that costs money, I think. And we'd have to trust you .
    Grabber5.0 likes this.
  14. #154  
    Perhaps your script can display the download links. The user can then check manually. No trust or additional certificates required

    Or (sorry to suggest more work) a simple "Cert installer" app could do this with an install button. It could install certs from a known and displayed list of requirements or by user selection.
    Mode 1: State the recommended certs with links and offer to install (Check a maintained master list, Download to a directory & install)
    Mode 2: Manual install (install any certificate placed in the 'downloaded certs' directory)

    So this is easy to use for the non-techy and trusting user and the paranoid can check manually and install or not install by managing what's in the downloaded certs folder.

    Oh, finally the location of the maintained cert list could be set in the preferences. A link to your website, maybe a post on this forum or whatever the user wants to set in the future. (just in case you die of coding exhaustion!) ;-)
  15. #155  
    No thanks. I think anything that requires too much end user interaction is not ideal for average users. I appreciate that people have trusted me enough to run the script, which is easy for anyone to look at and the knowledgeable to understand. For me, the ideal situation would be for a trusted organization like webos internals sign the package and put the app in their Preware feed. Getting to a no-fuss IPK has always been my target.

    I don't like that Globalsign can change something on their site and break the script. That is why I asked the distribution question earlier.
    Preemptive and kwarner like this.
  16. #156  
    Quote Originally Posted by Grabber5.0 View Post
    No thanks. I think anything that requires too much end user interaction is not ideal for average users. I appreciate that people have trusted me enough to run the script, which is easy for anyone to look at and the knowledgeable to understand. For me, the ideal situation would be for a trusted organization like webos internals sign the package and put the app in their Preware feed. Getting to a no-fuss IPK has always been my target.

    I don't like that Globalsign can change something on their site and break the script. That is why I asked the distribution question earlier.
    Well I meant that 'Mode1" just involved the user pressing the install button. Mode 2 is the user fiddling with the process.

    But of course, it's up to you how you do this and I take your point about using Preware / Internals and possible problems at the Global sign end.
    Last edited by Preemptive; 03/02/2014 at 07:29 PM.
  17. #157  
    I understand. I just don't want to over-engineer this. It's possible that something robust could be created that could download and install new versions of expired certificates. For now, this route is easier and can help people now instead of later, and is hands-off and easy for the user. I really don't think it needs to be any more complicated than this.

    Now that I understand the environment the IPK postinst/prerem scripts run in a bit better, I know what to tweak so that they will work on 1.4.5. The IPK works fine in an environment where it can copy the scripts to the trustedcerts folder, but on 1.x, they need to be left somewhere under /media/internal so the user can add them via the Certificate Manager.
    Last edited by Grabber5.0; 03/02/2014 at 08:24 PM.
  18. #158  
    A new IPK has been attached to post 152 that will also work on 1.4.5, which will pop up an "error" message with the same instructions the script has always shown saying to add the new certificates via the Certificate Manager.

    Note even if you have already run the script, it is safe to install this IPK - note if you remove it though, it will restore the expired backup certs, so don't do it unless you plan to leave it installed.
  19. traveld's Avatar
    Posts
    77 Posts
    Global Posts
    103 Global Posts
    #159  
    Quote Originally Posted by Holly Davis1 View Post
    My Pre is doing the same thing. Saying the certificate has expired. I am now manually trying to set up the email but keep getting a pop up that says "Unable to sign in" "unable to validate incoming mail server settings. Check the settings and try again." I have tried everything I can think of. HELP!

    I am having the same problem. Even went to the Microsoft store. They were not able to fix it either. Did you figure out what to do? Were you able to set up your Hotmail or exchange account? I am totally frustrated
  20. #160  
    Do you able to login to your webmail account from Browser?
Page 8 of 12 FirstFirst ... 3456789101112 LastLast

Similar Threads

  1. Outlook update now available from Microsoft
    By JohnLar in forum Palm Windows Mobile Devices & Apps
    Replies: 1
    Last Post: 04/06/2010, 09:01 PM
  2. Does 1.1 fix SSL expired issue with Outlook?
    By antonio3 in forum webOS Discussion Lounge
    Replies: 3
    Last Post: 07/19/2009, 03:30 PM
  3. Sync w/ microsoft outlook
    By omgitsroy326 in forum Palm OS Devices & Apps
    Replies: 1
    Last Post: 02/12/2005, 12:38 AM
  4. Can't Use Microsoft Outlook
    By treo in KC in forum Palm OS Devices & Apps
    Replies: 4
    Last Post: 10/15/2003, 11:47 AM

Posting Permissions