Page 3 of 12 FirstFirst 12345678 ... LastLast
Results 41 to 60 of 224
Like Tree18Likes
  1. #41  
    (updated to simplify even more)

    A thousand thanks to Preemptive and markar that provided the info and instructions that make it possible to figure it out.

    To assist, here's my simplified approach and I am including the .pem files so those that would have the trouble like I did to understand and get them done, don't have to fuss to get them. (getting the pem were the hardest part)

    ------------------------------------------------------------------------------------------------------------------------------------------------------------
    Here's the fix in three/four easy to follow steps.
    ------------------------------------------------------------------------------------------------------------------------------------------------------------

    1) download the attachment below on this message. It contains the 3 pem files that you'll need.

    They are the 3 certificates (pulled from my machine, and confirmed to work for those that have used them)

    yahoo1.pem
    yahoo2.pem
    yahoo3.pem

    2) copy them on the device via USB (or WIFI file sharing), I placed them in the download folder.

    3) Either via Internalz open the first one, this will open the Certificate Manager, or go to "Device Info", and top left menu, you'll find Certificate Manager.

    Trust Certificate for all of them (get each next one via the gear-like + icon in the left bottom).

    ---------------------------------------------------------------------------------------------------------------------------------------------------------
    This is all that is needed, the emails should be working again.
    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    (repeat 2 and 3 for all other devices you have)


    4) (if needed) reboot the device,

    As I was testing things out, I deleted my accounts and redid them manually
    They probably didn't have time to start working before I believed that they weren't working, so before you delete yours, give it a few minutes. (I'll be testing with my wife's Pre3 later and will update this post if I find that I was just impatient or if it is needed.)

    In case you want to redo your accounts, here's the setup:


    incoming:

    imap.mail.yahoo.com
    username (email)
    password

    SSL encryption
    993 Port #

    Outgoing:
    smtp.mail.yahoo.com
    use aut. (on)
    username (email)
    password

    SSL encryption
    465 Port #


    But remember that it can take a few minutes for that yield icon to go away.
    Attached Files Attached Files
    Last edited by imfallen_angel; 03/07/2015 at 12:50 AM.
    Palm M105 > M130 > Zire 71 > Zire 72 >TX > Lifedrive > Pre > Pre2 >Touchpad > Pre3(8GB) > Pre3 (16GB)
    I see a pattern...
    frantid likes this.
  2. #42  
    Quote Originally Posted by palmpre06062009 View Post
    Which root certificate are you referring? Is it the last one of the three in the list of certificates retrieved from imap.mail.yahoo.com:993 or some other root certificate?

    Has anyone followed all the steps listed here (besides cutting and pasting Begin....End Certificate into a file and then trusting it) How To Verify SSL Certificate From A Shell Prompt ?

    Do we need to put the certificates under /var/ssl/certs or /etc/ssl/certs in Palm Pre?

    Thx
    Have you tried installing & trusting the certs via the certificate manager? I think I read somewhere that it's not enough to put the certificates in the files system - you have to trust them via the manager. As I only placed the files in the download folder, I assume they are 'installed' in the correct location and 'approved' by the manager.
  3. normsland's Avatar
    Posts
    31 Posts
    Global Posts
    33 Global Posts
    #43  
    From my experience here with a Touchpad, to receive yahoo.com you only need *.imap.mail.yahoo.com wildcard certificate.. So I simply snipped first certificate
    Code:
    -----BEGIN CERTIFICATE-----
    (data here)
    -----END CERTIFICATE-----
    Pasted it in notepad in Windows and saved it with .pem extension. Then emailed it to my other account on the Touchpad. Saved it to the filesystem. Then opened the pem in Internalz which opened it in Certificate Manager. Then refreshed my inbox, the exclamation had gone and emails were flowing freely.

    As PreEmptive has pointed out in Qualys article SHA1 is being deprecated as they are no longer considered secure meaning lots of new SHA256 certificates are coming our way!
  4. #44  
    Quote Originally Posted by normsland View Post
    From my experience here with a Touchpad, to receive yahoo.com you only need *.imap.mail.yahoo.com wildcard certificate.. So I simply snipped first certificate
    Code:
    -----BEGIN CERTIFICATE-----
    (data here)
    -----END CERTIFICATE-----
    Pasted it in notepad in Windows and saved it with .pem extension. Then emailed it to my other account on the Touchpad. Saved it to the filesystem. Then opened the pem in Internalz which opened it in Certificate Manager. Then refreshed my inbox, the exclamation had gone and emails were flowing freely.

    As PreEmptive has pointed out in Qualys article SHA1 is being deprecated as they are no longer considered secure meaning lots of new SHA256 certificates are coming our way!
    Once you have the proper certificate file, it should be simple. (for me it was getting them that was a problem as it's something that I've never done before)

    As per my post from a few moments ago, Getting two of my Touchpads fixed was extremely simple... just copied the files over, and got the certificates to be trusted.

    My Pre3 was another beast altogether but then, it was my "test" guinea pig.

    Others in the thread have reported that the three certificates were needed, and since the pull does provide three of them, I prefer to err on the safe side.... a couple more certificates aren't that much to worry about... while not getting emails is a problem as it's one of the main reason to have a smart phone.
    Last edited by imfallen_angel; 03/03/2015 at 02:53 PM.
    Palm M105 > M130 > Zire 71 > Zire 72 >TX > Lifedrive > Pre > Pre2 >Touchpad > Pre3(8GB) > Pre3 (16GB)
    I see a pattern...
  5. #45  
    I think we're all speculating. Is this a fault with Yahoo or can webOS not handle SHA256 automatically? Perhaps we could somehow upgrade to a newer OpenSSL to solve this? Maybe it's just a matter of root certs?

    I don't have the knowledge of any of this, but markar's solution seems to be working for most of us and may be applicable to similar problems in the future.
  6. #46  
    Quote Originally Posted by Preemptive View Post
    Have you tried installing & trusting the certs via the certificate manager? I think I read somewhere that it's not enough to put the certificates in the files system - you have to trust them via the manager. As I only placed the files in the download folder, I assume they are 'installed' in the correct location and 'approved' by the manager.
    Hi. Yes I installed and trusted them via the Cert Manager. I downloaded to WifiMediaSync directory and opened via Internal Pro Z followed by CertManager. The same steps I followed for HP Touchpad, which works fine.

    Thx
    Sent via HP TouchPad using Forums
  7. #47  
    There is certainly something else that is wrong with webos 1.4.5. These certificates are not cutting it for my Palm Pre.
    Sent via HP TouchPad using Forums
  8. #48  
    I copied the certs posted above to my Pre-3, rebooted, and now Yahoo mail is working again...THX! Now to update my touchpads...
    TouchPad 4G, TouchPad 32GB w/4.4.4
  9. #49  
    Ok, updated both TP's and they are working great...thanks!!!
    TouchPad 4G, TouchPad 32GB w/4.4.4
    Preemptive likes this.
  10. #50  
    Thanks! Updating the trusted certificate store on my Pre3 and Touchpad did the trick!
  11. #51  
    Quote Originally Posted by Preemptive View Post
    I think we're all speculating. Is this a fault with Yahoo or can webOS not handle SHA256 automatically? Perhaps we could somehow upgrade to a newer OpenSSL to solve this? Maybe it's just a matter of root certs?

    I don't have the knowledge of any of this, but markar's solution seems to be working for most of us and may be applicable to similar problems in the future.
    This is not Yahoo's fault, other than not notifying anyone when they changed the certificate and not giving us any secure location to download the certificates from. I've got no doubt this is purely an issue with WebOS. It might be that someone could hack the WebOS SSL stack to add support for SHA256. But it might be the case that the antiquated hardware on our beloved machines is just not up to the task of running the verification algorithm in a reasonable amount of time. You wouldn't want to wait 5 minutes every time your mail app tried to communicate with Yahoo.
  12. normsland's Avatar
    Posts
    31 Posts
    Global Posts
    33 Global Posts
    #52  
    Quote Originally Posted by Preemptive View Post
    I think we're all speculating. Is this a fault with Yahoo or can webOS not handle SHA256 automatically? Perhaps we could somehow upgrade to a newer OpenSSL to solve this? Maybe it's just a matter of root certs?

    I don't have the knowledge of any of this, but markar's solution seems to be working for most of us and may be applicable to similar problems in the future.
    Agreed either way this should just work. We don't usually have to trust every website when they update their ssl certificate. I wonder if this just because it's an email server or because of the Synergy connector. Anyway on to the next problem
  13. #53  
    Quote Originally Posted by normsland View Post
    Agreed either way this should just work. We don't usually have to trust every website when they update their ssl certificate. I wonder if this just because it's an email server or because of the Synergy connector. Anyway on to the next problem
    I think it's something that would normally be taken care of by an OS update with updated root certificates and supported encryption algorithms.
  14. #54  
    Quote Originally Posted by Grabber5.0 View Post
    I think it's something that would normally be taken care of by an OS update with updated root certificates and supported encryption algorithms.
    Around the time of the Heartbleed issue, I think the possibility of upgrading OpenSSL on webOS was discussed, but I guess this would be a significant effort and I don't know who is around who could / would do it.

    It turned out that the webOS OpenSSL version was too old to be affected by heartbleed! I suppose someone could research if that version had SHA256 capability. There is the slight question mark that the installed certs. are working (and the machine must be doing some processing on them), but aren't auto-upgrading. If this old OpenSSL has full SHA256 capability, that suggests it's the root certs. Some are saying only the IMAP cert is needed, but there is the possibility that installing the full chain of three delivers the root cert. that will validate others lower in the chain... (optimistic?)

    In other words, perhaps in the event of future problems, we can interogate the server, download the full chain and eventually have a set of root certs. that will work.
    Last edited by Preemptive; 03/04/2015 at 02:23 AM.
  15. #55  
    imfallen_angel's Zip archive worked like a charm on my TP. Big Thanks for that - and everyone's efforts here...Don't know what I'd do otherwise (go Android?)

    However, I'm experiencing weirdness on the Pre3... The Certification Manager upon opening is blank - except for app title and gear icon. (My TP has a least 30 certs listed, so would've thought the Pre would've had something listed.)

    When I select any of the Yahoo pem files via the gear, nothing happens. Same is true using Internals to launch the pem files.

    Over simplifying what's happening, I've had symptoms like this with Photos (290+ not displaying because of a single jpg it didn't like), and bookmarks in the web browser not listing properly either (on a Pre2).

    Any thoughts on how to resolve this would be appreciated. I'll check other forums for some insight into this.

    Thnx!
  16. #56  
    Quote Originally Posted by normsland View Post
    Agreed either way this should just work. We don't usually have to trust every website when they update their ssl certificate. I wonder if this just because it's an email server or because of the Synergy connector. Anyway on to the next problem
    Here's my understanding of how this works, with the caveat that I might be wrong:
    When a new certificate is issued, it is signed with a signature. Your computer doesn't automatically trust this certificate. By performing some cryptographic processing on this signature, it is possible to verify that the issuer of the certificate had in their possession a particular parent certificate. And by verifying that parent certificate, you can verify it came from someone with the grandparent certificate. You work your way back up the chain until you get to a root certificate that you trust or that you can verify is held by someone you trust.

    The current problem is with the verification step. Because WebOS can't handle the SHA256 verification algorithm, it can't verify certificates that are signed that way. So it can't work its way up the tree to a trusted certificate. This means that WebOS can't automatically verify any SHA256 certificates, so we have to manually say that we trust the child certificate. Then WebOS doesn't do any calculations, it just sees that this certificate is already in the trusted list. This leaves us vulnerable to some site that is spoofing Yahoo (or anyone else) with an invalid certificate, which is why you should always use the DigiCert page listed above to verify the certificate at a site before downloading it and trusting it.

    The reason everyone is switching to SHA256 is that SHA1 has been shown to be vulnerable to hacking, meaning that someone could generate a SHA1 certificate that checked out as valid, but didn't really come from the issuing authority. So, AIUI, Google has started down-grading search results for web sites that continue to use SHA1 certificates.
  17. #57  
    Quote Originally Posted by batterboy View Post
    imfallen_angel's Zip archive worked like a charm on my TP. Big Thanks for that - and everyone's efforts here...Don't know what I'd do otherwise (go Android?)

    However, I'm experiencing weirdness on the Pre3... The Certification Manager upon opening is blank - except for app title and gear icon. (My TP has a least 30 certs listed, so would've thought the Pre would've had something listed.)

    When I select any of the Yahoo pem files via the gear, nothing happens. Same is true using Internals to launch the pem files.

    Over simplifying what's happening, I've had symptoms like this with Photos (290+ not displaying because of a single jpg it didn't like), and bookmarks in the web browser not listing properly either (on a Pre2).

    Any thoughts on how to resolve this would be appreciated. I'll check other forums for some insight into this.

    Thnx!
    Silly typical suggestion, but .. have you rebooted the phone?

    How much memory left?
    clear your cache?

    My Pre3's certificate manager was blank (empty), and the first attempt to load the certificate (markar's certificate from post #23 ) wasn't doing anything either, it wouldn't bring up the "trust certificate" selection screen or anything, it wouldn't recognize it as a valid file, being the part of my frustration with it and why I posted those instructions and files.

    I rebooted and got the certificates done (the ones I've zipped and made available here, including redoing markar's certificate from post #23 ) and this time it worked.
    Palm M105 > M130 > Zire 71 > Zire 72 >TX > Lifedrive > Pre > Pre2 >Touchpad > Pre3(8GB) > Pre3 (16GB)
    I see a pattern...
  18. #58  
    Quote Originally Posted by imfallen_angel View Post
    Silly typical suggestion, but .. have you rebooted the phone?

    How much memory left?
    clear your cache?

    My Pre3's certificate manager was blank (empty), and the first attempt to load the certificate (markar's certificate from post #23 ) wasn't doing anything either, it wouldn't bring up the "trust certificate" selection screen or anything, it wouldn't recognize it as a valid file, being the part of my frustration with it and why I posted those instructions and files.

    I rebooted and got the certificates done (the ones I've zipped and made available here, including redoing markar's certificate from post #23 ) and this time it worked.
    Interesting that it worked for you after a reboot. Didn't for me, though. :-(

    I have 9.5GB free. Not sure what you mean by clearing the cache. I am concerned about memory usage on this device. I get "too many cards" to many times. Even when none are open.

    I'll keep fussing with it and let you know if anything works. Thx!
  19. #59  
    This page shows information about SHA256 compatibility: https://support.globalsign.com/custo...-compatibility

    Note: There is no mention of webOS, but Android 2.3 (Gingerbread) supported SHA256 from December 6, 2010, Windows XP supported SHA256 from Service Pack 3 (April 21, 2008). It's not a direct comparison, but XP (released in 2001) will support a 300Mhz Pentium with 128MB RAM (suggesting the computing overhead shouldn't be a problem).

    OpenSSL 0.9.8o+ supports SHA256

    Default packages available in several webOS release - WebOS Internals
    webOS 1.4.5 includes openssl - 0.9.8j-r2
    webOS 2.1.0 wr includes openssl - 0.9.8k-4

    OpenSSL v0.9.8.12-4 is available in Preware. I'm not clear if this is an upgrade or a modification to prevent an overwrite by a doctor.

    Date-wise it would be a reasonable assumption that webOS supported SHA256, but the version numbers are prior to 'o', so this would suggest not. I struggled to find information from the OpenSSL site, but this post seeems to answer the question:
    https://news.ycombinator.com/item?id=7746793

    Summary: SHA256 is supported from 0.9.8 onwards, but only enabled by default from 0.9.8o. The command, OpenSSL_add_all_algorithms() enables it, but I don't know how or where it should be applied or if webOS in fact does activate it.
    Last edited by Preemptive; 03/04/2015 at 12:41 PM.
    palmpre06062009 likes this.
  20. #60  
    Quote Originally Posted by batterboy View Post
    imfallen_angel's Zip archive worked like a charm on my TP. Big Thanks for that - and everyone's efforts here...Don't know what I'd do otherwise (go Android?)

    However, I'm experiencing weirdness on the Pre3... The Certification Manager upon opening is blank - except for app title and gear icon. (My TP has a least 30 certs listed, so would've thought the Pre would've had something listed.)

    When I select any of the Yahoo pem files via the gear, nothing happens. Same is true using Internals to launch the pem files.

    Over simplifying what's happening, I've had symptoms like this with Photos (290+ not displaying because of a single jpg it didn't like), and bookmarks in the web browser not listing properly either (on a Pre2).

    Any thoughts on how to resolve this would be appreciated. I'll check other forums for some insight into this.

    Thnx!
    As I recall, the photos problem was with Media indexer and there was a technique to restart it, possibly after removing an offending file. Search for that. I've no idea if there is a similar issue like a 'certificate indexer' or if the same process is applied to all file listings...

    I was also getting the too many cards error. The problem was fixed with the installation of uberkernel.
    Last edited by Preemptive; 03/04/2015 at 12:48 PM.
Page 3 of 12 FirstFirst 12345678 ... LastLast

Similar Threads

  1. Yahoo mail problems?
    By drummer12 in forum webOS Synergy and Synchronization
    Replies: 14
    Last Post: 12/16/2009, 01:51 PM
  2. Problems with Yahoo Mail
    By beckkk1 in forum Palm OS Devices & Apps
    Replies: 1
    Last Post: 01/28/2004, 10:31 AM
  3. Can't access yahoo mail, other problems..help!!!
    By dkill in forum General News & Discussion
    Replies: 7
    Last Post: 12/29/2003, 07:28 AM
  4. Anyone else have problems with Yahoo mail?
    By newtreouser in forum Palm OS Devices & Apps
    Replies: 6
    Last Post: 08/21/2003, 07:01 PM
  5. Problems w/ Yahoo Mail
    By smileman in forum General News & Discussion
    Replies: 3
    Last Post: 01/01/2003, 11:14 AM

Posting Permissions