Page 4 of 8 FirstFirst 12345678 LastLast
Results 61 to 80 of 151
  1. #61  
    Quote Originally Posted by bpdamas View Post
    I agree. This can all be accomplished. Some of the frustration is that I shouldn't have to. Plus, then I will have to convince our IT department to do it (they probably will but it still takes some convincing), walk them through it, and then make sure it doesn't interfere with everyone else's phone. This all seems like too much of a hassle when it can and should be solved on palm's end. I am potentially willing to wait until they do but will determine that by how satisfied I am closer to the 30 day period.
    I totally understand the point that non-ssl should be supported (for non business use) and I hate to kick a dead horse but I don't blame Palm for not including it.

    Best practices in a exchange evironment is to secure your server by the use of an ssl certificate. No business level exchange server should be with out ssl and who ever built your exchange environment did it wrong. So in my eyes being in the IT field can't say it's Palms fault for not including that option. The average user does not have a exchange server they connect to so its not really an issue. At a business/enterpirse level it's obserd to think an exchange server is not secured.
  2. #62  
    Quote Originally Posted by jeffgus View Post
    Exactly! I have DNS setup so that people on the inside of the network can use public internet names for some services (email!). That way the certificate contains the proper hostname inside and outside of the firewall.



    It doesn't cost anything! I use cacert.org! It's free! Installed the cacert.org root certificate in the PrPrPr&#$275$; $and$ $I$'$m$ $good$ $to$ $go$ $for$ $any$ $site$ $that$ $uses$ $cacert$.$org$ $certificates$ ($there$ $are$ $quite$ $a$ $few$ $out$ $there$). $I$ $created$ $a$ $link$ $to$ $the$ $cacert$.$org$ $root$ $certificate$ $so$ $my$ $users$ $can$ $easily$ $find$ $it$ $and$ $install$ $it$ $if$ $they$ $need$ $to$. $I$ $provision$ $all$ $the$ $corporate$ $boxes$ $with$ $the$ $cacert$.$org$ $certificate$ $already$ $installed$.
    While I agree with what you are saying and what Major.Malfunction is saying, as soon as you apply a certificate that opens the door to many more responsibilities that can be easily overlooked and sometimes not able to be kept up with. If you pay for the certificate, then you have to remember to keep it up to date and renew the certificate. You also have to make sure that every phone that hooks up to it is compatible (palm pre, case in point........in reverse). Creating one more than likely won't give the same results as a company that provides them so it defeats the purpose of even having one. Our IT department is in constant demand with user requirements let alone the requirements that the technology has. Security certificates for the one user in the office with a palm pre would more than likely not be a priority for them. All of these things combined is why it should be up to the user and not palm.
  3. #63  
    Quote Originally Posted by bpdamas View Post
    While I agree with what you are saying and what Major.Malfunction is saying, as soon as you apply a certificate that opens the door to many more responsibilities that can be easily overlooked and sometimes not able to be kept up with. If you pay for the certificate, then you have to remember to keep it up to date and renew the certificate. You also have to make sure that every phone that hooks up to it is compatible (palm pre, case in point........in reverse). Creating one more than likely won't give the same results as a company that provides them so it defeats the purpose of even having one. Our IT department is in constant demand with user requirements let alone the requirements that the technology has. Security certificates for the one user in the office with a palm pre would more than likely not be a priority for them. All of these things combined is why it should be up to the user and not palm.
    I don't think you have a total understanding what an ssl cert does. They are not specifically for cell phone use. If you connect into that server for any other reason than mail you should have a certificate. If you don't you are really putting your email and password in clear text out on the internet for practically anyone to see. And in most environments your username and password is the same you use for your business's domain access (not smart). So not only can someone access your mail but also every share or file you have on your entire network. So to say its not a priority for your IT staff is just ridiculous.
  4. #64  
    Quote Originally Posted by syphex View Post
    I totally understand the point that non-ssl should be supported (for non business use) and I hate to kick a dead horse but I don't blame Palm for not including it.

    Best practices in a exchange evironment is to secure your server by the use of an ssl certificate. No business level exchange server should be with out ssl and who ever built your exchange environment did it wrong. So in my eyes being in the IT field can't say it's Palms fault for not including that option. The average user does not have a exchange server they connect to so its not really an issue. At a business/enterpirse level it's obserd to think an exchange server is not secured.
    Well you might need to have a chat with my IT department. We are definitely a business level exchange and do not have a security certificate. They do their job extremely well and I am not about to tell them how to do it.

    Plus, just because you have a security certificate that does not mean your server is secured. Those are two separate items. A security certificate just tells the world you are secure. In actuality, the certificate does not make you secure. It potentially can be like having an ADT sign outside your house even though you know there is know security systems installed in your house. Will people be less likely to break in? Yes. Does it make your home secure? No. That is why some IT departments (our included) does not feel they are necessary. Unless, of course, to support the palm pre.

    By the way, I am relating all of this to the self signed certificates that I see people are installing. Not other types.
  5. #65  
    Quote Originally Posted by syphex View Post
    I don't think you have a total understanding what an ssl cert does. They are not specifically for cell phone use. If you connect into that server for any other reason than mail you should have a certificate. If you don't you are really putting your email and password in clear text out on the internet for practically anyone to see. And in most environments your username and password is the same you use for your business's domain access (not smart). So not only can someone access your mail but also every share or file you have on your entire network. So to say its not a priority for your IT staff is just ridiculous.

    Answer me this one? Can you make websites secure without the use of an ssl certificate? Maybe this will help me better understand them.
  6. #66  
    Quote Originally Posted by syphex View Post
    Has anyone that uses ssl on a different domain then the certificate says gotten your eas to work?
    I never got mine to work. I honestly believe that this is a bug - the Pre is not recognizing that multiple CNs exist in one cert. I finally used a free certification service that the Pre recognized the first try (I'm running my own SBS 2003 server).

    If you're interested, see the StartSSL Free link. (I'm going to post details about this later tonight, when I'm not at work).
  7. #67  
    Quote Originally Posted by pehaada View Post
    Why not install a signed cert on your server ? You can get a free class 1 SSL cert at www,startssl,com Certificates & Public Key
    They also have other low cost options depending on your needs.

    We had an unsigned cert after these certs got installed I had no isssue. Exchange got connected right up. You still have to install the 2 root certificates on your phone. These certs are not included in the palm.

    You can get the root cert here cert,startcom,org/?app=138 This also helps out with doing webmail access no annoying cert messages nay more
    I got StartSSL, and did not have to install the root certificate.
  8. #68  
    Quote Originally Posted by bpdamas View Post
    ...
    Our IT department is in constant demand with user requirements let alone the requirements that the technology has. Security certificates for the one user in the office with a palm pre would more than likely not be a priority for them. All of these things combined is why it should be up to the user and not palm.
    This is not a "one user issue" for your IT department. They are allowing everyone who uses web access to broadcast their username and password for Exchange/Outlook (which is also their corporate username and password) in clear text across the internet.

    They should fix this, and thank the "one user" that caused them to rethink what they're donig.
  9. #69  
    Quote Originally Posted by bpdamas View Post
    Answer me this one? Can you make websites secure without the use of an ssl certificate? Maybe this will help me better understand them.
    You cannot make anything in IT "secure", unless you disconnect all the cables, and lock it in room. All you can do is manage risk.

    However, to answer what you are trying to ask, SSL make the data being transmitted more secure, by encrypting the data before it's sent.

    I'll try a simple explanation. When you put in information (such as your user ID and password) in an HTTP:// site, it is broadcast in "clear text" packets. Meaning anyone that has any sort of access (including access to the routers upstream from you) can capture those packets, and read the information in them.

    HTTPS:// sites use SSL - Secure Socket Layer. This encrypts that data, so that if the packets are captured, they are gibberish.

    An SSL certificate is something that "certifies" (from a known source) that your web site is who it says it is. That way, I'm not spoofing being "https://www,big_bad_bank_that_hasnt_gone_under_yet.com" to capture your information.

    A self signed certificate is a cert that the user created themselves. Obviously, if the user is unknown, and someone "accepts" their certificate, they' just taken "the word" of an entity that they don't know.

    With the Pre, self-signed certs have to be sent to the Pre for it to import them. To further aggravate the issue, apparently the Pre is not properly accepting self-signed certificates that have multiple cn's in them.
  10. #70  
    Quote Originally Posted by hparsons View Post
    You cannot make anything in IT "secure", unless you disconnect all the cables, and lock it in room. All you can do is manage risk.

    However, to answer what you are trying to ask, SSL make the data being transmitted more secure, by encrypting the data before it's sent.

    I'll try a simple explanation. When you put in information (such as your user ID and password) in an HTTP:// site, it is broadcast in "clear text" packets. Meaning anyone that has any sort of access (including access to the routers upstream from you) can capture those packets, and read the information in them.

    HTTPS:// sites use SSL - Secure Socket Layer. This encrypts that data, so that if the packets are captured, they are gibberish.

    An SSL certificate is something that "certifies" (from a known source) that your web site is who it says it is. That way, I'm not spoofing being "https://www,big_bad_bank_that_hasnt_gone_under_yet.com" to capture your information.

    A self signed certificate is a cert that the user created themselves. Obviously, if the user is unknown, and someone "accepts" their certificate, they' just taken "the word" of an entity that they don't know.

    Apparently, the Pre is not properly accepting self-signed certificates that have multiple cn's in them. And, to further aggravate the issue, self-signed certs have to be sent to the Pre for it to import them.
    Exactly. My point is are there other ways of accomplishing this same type of encryption without using a security certificate? If not, then maybe they should rethink what they are doing. However, I have some suspicions they might be okay........
  11. #71  
    Quote Originally Posted by bpdamas View Post
    Exactly. My point is are there other ways of accomplishing this same type of encryption without using a security certificate? If not, then maybe they should rethink what they are doing. However, I have some suspicions they might be okay........
    Web browsers require a certificate for SSL. However, it can (usually) be a self-signed certificate.

    The certificate requirement adds another layer of protection. It basically says that either a known entity knows the source of the host computer (public certificate), or you know the source of the host computer (self signed certificate).

    Palm could rewrite the EAS so it does not require a certificate, and still uses SSL, but it would be less secure.
  12. #72  
    Quote Originally Posted by hparsons View Post
    Web browsers require a certificate for SSL. However, it can (usually) be a self-signed certificate.

    The certificate requirement adds another layer of protection. It basically says that either a known entity knows the source of the host computer (public certificate), or you know the source of the host computer (self signed certificate).

    Palm could rewrite the EAS so it does not require a certificate, and still uses SSL, but it would be less secure.
    If your IT department basically has the security and encryption given by SSL and certificates, what is the point of another certificate just to make a phone work? That is why I think they should make it an option.
  13. #73  
    Quote Originally Posted by dannns View Post
    If you are getting "SSL certificate error. Is the date and time correct?" while setting up the EAS account, it is very likely that you are using a self-signed certificate. These steps should help you or your IT administrator getting and installing the correct certificate from the server into the WebOS.

    The certificate you need to install is the root certificate from the certificate authority, and not the domain one you get in the browser.

    To get this certificate in Windows Server 2008 you can follow these steps (2003 should be similar)

    1. Start > Administrative Tools > Certification Authority
    2. Right click on your root authority (right under Certification Authority)
    3. Select properties
    4. Select the latest certificate, and then hit View Certificate
    5. Select the Details tab
    6. Hit Copy to File...
    7. Click Next >
    8. Choose Base-64 encoded X.509 (.CER), click Next >
    9. Browse for the file location, click Next >
    10. Click Finish.
    11. That's it, just email yourself the generated file as attachment, open the attachment, Trust the Certificate, and you should be good to go.


    Good luck!
    Not clear whether I need IT to do this or I can do it on my local computer. Also not clear what I should name the file before I save it or if it matters.
  14. #74  
    Quote Originally Posted by bpdamas View Post
    If your IT department basically has the security and encryption given by SSL and certificates, what is the point of another certificate just to make a phone work? That is why I think they should make it an option.
    You are missing the point. If they made it an option (and they well might), then you are by-passing the certificates that your IT department set up.

    If your IT department is using self-signed certs, then the problem isn't that the Pre won't bypass them, the problem is that the Pre won't properly accept the certificates.
  15. #75  
    Quote Originally Posted by hparsons View Post
    You are missing the point. If they made it an option (and they well might), then you are by-passing the certificates that your IT department set up.

    If your IT department is using self-signed certs, then the problem isn't that the Pre won't bypass them, the problem is that the Pre won't properly accept the certificates.
    This is my problem and the first post of this thread was to try to resolve this. Palm has a similar post on their "answers" page. Hopefully my IT people can figure out what SSL Certificate Authority Certificate I need because I don't know how to get it from my local PC.
  16. #76  
    Quote Originally Posted by realistdreamer View Post
    This is my problem and the first post of this thread was to try to resolve this. Palm has a similar post on their "answers" page. Hopefully my IT people can figure out what SSL Certificate Authority Certificate I need because I don't know how to get it from my local PC.
    I don't think the current version of the Pre is going to do it. I believe it's a bug in their (the Pre's) system on how it looks at certs with multiple CNs.

    I say that because I sent the actual certificate from the root of my server. The certificate was mined using the name "matt.parsonsys.com" (along with the other CN's - common names - that the server uses). The pre saw it, every time, as matt.ps.local (the Active Directory domain and name that I use). The Pre ignored the rest of that CNs, thus would not work.

    That said, you don't have to have your IT department send you the root certificate. You can export it from a browser. I've found that it's actually easier from FireFox, but can be done from IE. Do a quick google search on "export certificate" and your browser of choice.
  17. #77  
    Quote Originally Posted by hparsons View Post
    You are missing the point. If they made it an option (and they well might), then you are by-passing the certificates that your IT department set up.

    If your IT department is using self-signed certs, then the problem isn't that the Pre won't bypass them, the problem is that the Pre won't properly accept the certificates.
    I do not think that I am missing the point. They are not using certificates at all. Is it possible to make something "secure" without using certificates? If the answer is no then my IT department is all sorts of backwards. If the answer is yes, then maybe you will start getting my point.

    All in all, I am not trying to be confrontational. I am simply not understanding why palm didn't include this as an option. I really am enjoying this phone. To be honest, I would just like to get this EAS thing figured out without having to do any work. So if palm send and update I will keep the phone. If they don't, I might not keep it. I haven't decided that yet.
  18. #78  
    Quote Originally Posted by hparsons View Post
    You can export it from a browser. I've found that it's actually easier from FireFox, but can be done from IE. Do a quick google search on "export certificate" and your browser of choice.
    I'm not sure which certificate I need... and there are a lot. Is it okay to delete all of them and just sign into my owa to re-trust them via firefox then export them to my phone?

    Is there anything wrong with deleting all certificates from my computer? (in order to find which go with my owa)
    Last edited by MLJones8; 06/09/2009 at 11:00 PM. Reason: spelling
  19. #79  
    Quote Originally Posted by hparsons View Post
    I don't think the current version of the Pre is going to do it. I believe it's a bug in their (the Pre's) system on how it looks at certs with multiple CNs.

    I say that because I sent the actual certificate from the root of my server. The certificate was mined using the name "matt.parsonsys.com" (along with the other CN's - common names - that the server uses). The pre saw it, every time, as matt.ps.local (the Active Directory domain and name that I use). The Pre ignored the rest of that CNs, thus would not work.

    That said, you don't have to have your IT department send you the root certificate. You can export it from a browser. I've found that it's actually easier from FireFox, but can be done from IE. Do a quick google search on "export certificate" and your browser of choice.

    Thanks for the reply. I actually had IT get me the cert. I loaded it, "trusted" it and NOTHING. Same error. L2 support is clueless about this stuff as am I. the common name that shows up in Cert Manager is *.Domain. I'm in gov't, so the domain is like *.district.dept.state.us. Don't know if that matters and don't know how to check if we use multiple CNs.

    Sounds like you're saying wait for L3 support to fix. Is this something core to OS or a security issue where they need to think of the security implications of a fix?

    Lastly, as someone else mentioned, how do we know which certificate to export?
  20. Obscura's Avatar
    Posts
    147 Posts
    Global Posts
    148 Global Posts
    #80  
    Quote Originally Posted by bpdamas View Post
    Sweet. How does that help with EAS??????
    The same upgrade might have included support for non-ssl EAS? :-\
    Obscura
Page 4 of 8 FirstFirst 12345678 LastLast

Tags for this Thread

Posting Permissions