Results 1 to 12 of 12
Like Tree8Likes
  • 5 Post By dkirker
  • 2 Post By gizmo21
  • 1 Post By Preemptive
  1.    #1  
    I was reading a post from Grabber5.0 that I was referenced to, here: [Solved] Microsoft Outlook Certificate Expired

    Quote Originally Posted by Grabber5.0 View Post
    Update: I was able to package this script into an IPK which is in post #152. This makes installation a bit simpler.
    On 1.4.5, it is best to install via WOSQI, as it will pop up a big message box with the script output in it, indicating you can proceed with installing the new certificates via the Certificate Manager. One of the last lines says 'This is not an error if you are on a webOS 1.x device.', so don't panic.

    Install package is located here: http://www.fordmaverick.com/GrabberS..._1.0.2_all.ipk

    If you wan to read the full post, here is a link to post #152: [Solved] Microsoft Outlook Certificate Expired


    Original content starts here:
    Ok that's what I did. I guess anything more and you're still just taking my word for it that they're right anyway. I will upload that version to my website. Updated link: http://www.fordmaverick.com/GrabberS...cecerts.sh.txt

    After downloading, remove the .txt extention and copy to your device's usb drive, and run from a terminal window. Note: if you want to do this using wterm on-device, you must have the root access configured, or you won't have permission to copy the certs and will have to copy them using Internalz.

    Also, if you use this method on a 1.x device, you will have to use the Certificate Manager in the Device Info app to accept the downloaded .crt files, as the certificate store is different.
    And I got to thinking..... It might be worth it to make something like - How To Use to create a new certificate bundle to load on the device that updates everything, and removes expired certificates. (May be a lot of work, though?)

    I haven't really thought it through, but I suspect there are more than just expired GlobalSign certificates in there that have expired.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  2. #2  
    IIRC, webOS primarily uses individual PEM files in /etc/ssl/certs/trustedcerts rather than the bundle in /etc/ssl/certs/ca-certificates.crt . The reason being that a full ca-certificates bundle is typically huge and requires the whole thing to be loaded into memory.

    webOS also requires the certificates to be symlinked in /var/ssl/certs/trustedcerts; for example, /var/ssl/certs/trustedcerts/facacbc6.0 is a symlink to /etc/ssl/certs/trustedcerts/Verisign-C3_PCA_G5.pem

    On a typical linux desktop, the symlinks are generated by the c_rehash perl script; on webOS, it's done using pmcertificatemgr. Roughly, it's `openssl x509 -subject_hash -noout -in somecert.pem` with ".0" appended, although if a ".0" already exists then it'll use ".1" and so on.

    webOS 1.x is the same deal but with a different directory; probably /var/ssl/certs but I don't recall exactly.
  3. #3  
    Perhaps someone with an LG TV could deliver us the newest certs for webOS?

    Or is there a repository for openwebos online with those newer certs?
    ArchonAdvisors and Rnp like this.
  4. #4  
    I like this thread & will link to it from the 'service pack' thread.

    Good ideas. I look forward to seeing progress.
    Rnp likes this.
  5. #5  
    Quote Originally Posted by gizmo21 View Post
    Perhaps someone with an LG TV could deliver us the newest certs for webOS?

    Or is there a repository for openwebos online with those newer certs?
    Openwebos uses the ca-certificates recipe from the openembedded project, with modifications to add the symlinks:

    https://github.com/openwebos/meta-we...30119.bbappend

    https://github.com/openwebos/meta-we...icates.bbclass

    The actual certificate bundle comes from Debian:

    https://github.com/openembedded/oe-c...es_20130610.bb
  6. #6  
    What is wrong with the Webos Certificate manager? (in the preferences of the Device Info-app) Or checking the URL and then accepting/trusting a certificate permanent?

    That also imports new certificates, just for the services that you need...
  7.    #7  
    Quote Originally Posted by poehoes View Post
    What is wrong with the Webos Certificate manager? (in the preferences of the Device Info-app) Or checking the URL and then accepting/trusting a certificate permanent?

    That also imports new certificates, just for the services that you need...
    There's nothing wrong with the cert manager. The issue is that the certificate manager stores certificate authority (CA) certificates that are used to verify a certificate's chain of trust. For instance, ebay.com has a certificate assigned to their server by them (they being the CA for their own machines), but not all web browsers have their CA cert installed (though you can). So, their CA certificate is assigned by a known trusted CA (like Verisign). All of the browsers have Verisign's CA cert installed. But, they do expire, and you have to update them -- otherwise, the verification of the "downstream" certificate will fail.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  8. #8  
    So, am I right in saying that the process we require for all users is:

    A. A list of all certificates installed by default on webOS devices: Palm Support : Using SSL Certificates. Presumably these are included in the webOS doctors - regardless of if they are out of date.
    B. A sublist of expired certificates and the location of their respective replacements (easily done)
    C. An alert thread (this one?) posted to when a certificate expires - or a system of auto-alerts like an alarmed .ics file for your calendar or a spreadsheet that displays when the expiry date is prior to the current date. (should be easy again)
    D. A set of instructions for downloading and converting certificates to the format used by webOS (.crt to .pem), including verification for the paranoid. (A fuller and simpler version of This post above)
    E. Instructions for installation.
    ...
    F. Ideally, an app or other system that can do all the above for you, but that may be a lot of work, whereas the individual steps above should be possible with a group effort - much of the info has already been posted.

    With the above in place then hopefully any new user or doctored device can find a resource that clearly lays out a process for bringing legacy devices up to date. I assume Open webOS / LuneOS will offer the support to update their certificates with the Debian bundle mentioned above.

    As an aside, would there be any advantage to migrate legacy to the Debian bundle, therefore using a maintained certificate source. (maybe that could break something like app catalogue access?)

    Feel free to correct any wrong assumptions.
    Last edited by Preemptive; 07/11/2014 at 09:07 AM.
  9.    #9  
    I think I had started down a path for certificate upgrades. I'll have to look again.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  10. #10  
    BUMP

    If compatible, it seems to me that taking certs from Open webOS (see above) or LuneOS to install on Legacy would be the easiest solution - ideally automated, but could be done manually if we can make an expiry timetable.

    Comments?
  11. #11  
    Is a list that easy? Aren't some certs dependent on what servers a user connects to? One of my work network certs died. Without knowing how to find it, remove it and fetch a new one I doubt ones like that would be captured...
  12. #12  
    Hmmmm... I don't know! ;-) I thought... don't we just need root certificates that certify those 'downstream..?
    webOS SSL certificate updater

    ...I'm not an expert on any of this, but it gives me the amazing power to ask obvious questions! ;-)

Similar Threads

  1. Replies: 73
    Last Post: 11/02/2014, 05:47 PM
  2. App Catalog - webOS Online Services Root Certificate Expiry
    By GMMan in forum webOS Discussion Lounge
    Replies: 193
    Last Post: 07/06/2014, 02:43 AM
  3. server's security certificate is not a trusted certificate
    By cswilliams30 in forum webOS Synergy and Synchronization
    Replies: 8
    Last Post: 02/28/2014, 02:48 AM
  4. Root certificate fix for WebOS- A MUST FOR EVERYONE
    By imfallen_angel in forum Palm Pre 2
    Replies: 1
    Last Post: 06/07/2013, 12:44 PM
  5. Need an EV SSL certificate
    By brianflhome in forum webOS Apps & Games
    Replies: 1
    Last Post: 11/23/2010, 07:52 AM

Posting Permissions