Page 7 of 8 FirstFirst ... 2345678 LastLast
Results 121 to 140 of 151
  1. #121  
    I just noticed an interesting thing with my situation. When I test our cert from out provider's website (SSL Certificates DigiCert Digital SSL Certificate Authority) it pulls the cert from our firewall and not from our Exchange server ergo the cert name mismatch. That is why I keep getting the stupid SSL cert error even though I have it installed on my Pre. I guess I have to wait until I can physically turn SSL off like on other smartphones. Anyone else run into a situation like this?
    Palm History: Palm III>IIIc>CLIÉ NR70v>CLIÉ TG50>Tungsten C>Treo 650>Treo 700p>Centro>Pre!! 6/5/09
    Phone History: Way too long

    Sorry Timmy, SERO does not work with the Pre.
    If you have an iTouch click me.
  2. #122  
    Quote Originally Posted by degfu View Post
    The account seems to be setup correctly but all I get is an empty Outbox. Nothing syncs with the phone.
    I'm also having this problem......

    With things running like this I can send e-mail via the Exchange server.
  3. #123  
    Quote Originally Posted by Major.Malfunction View Post
    ... I mentioned in another post it looks like the Pre does not have the ability to do client side certs for authentication, at least in EAS it does not. The iPhone also has this limitation and it is just plain stupid...
    Clearly, the Pre needs additional work on support for EAS and SSL - but are we sure client certs are truly not supported at this point?

    Has anyone gotten EAS working with root and client certs?

    Our experience is that iPhone's do in fact have the ability to present client certs for authentication with EAS. We have 80+ iPhone users running EAS successfully connecting to the same Exchange server I am trying to connect to using the Pre and the same root and client certs. We have seen some reliability issues where authentication will fail up to 10% of the time for some unknown reason but generally it works enough to keep the users happy. At least until the new iPhone software comes out where it seems to have been broken based on our early testing...

    Again, I would love to hear from anyone who has successfully connected to EAS with a combination of root and client cert.

    - Chris
  4. #124  
    Try turning off the forms based authentication on the Exchange server and see if that makes things fire up. I'm using a combination of root and client cert and that is what got it working for me.
  5. #125  
    Quote Originally Posted by Major.Malfunction View Post
    If you are getting this message, that means you have an authentication policy requiring the client side to use certificates for part of the authentication process. I mentioned in another post it looks like the Pre does not have the ability to do client side certs for authentication, at least in EAS it does not. The iPhone also has this limitation and it is just plain stupid. However, the Pre also does not have the ability to accept an EAS policy from an Exchange server that says you need to secure this thing with a PIN of x amount of digits, etc.

    Palm did announce that they are going to fix EAS, but it will be interesting to see what exactly they think needed to be fixed.
    It appears you know this stuff better than most of us. However, there are folks with self-signed certs that are working just fine with the Pre. Unfortunately their settings and certificate have to be generated "just right." I believe this is what CKGoodwin is looking for answers for because he (like I) would rather not wait for the soon-coming update. If you can help with this instead of joining us in our recounting what the Pre won't do, that would be most helpful.

    CK, what I heard/read was that the Pre may be checking that the Issued by data is DIFFERENT than the subject and issued to data. The cert generated by my IT dept is the same and I was told for it to work it needs to be different. Am I sure? Nope, my IT decided to go for a GoDaddy cert. I was pleasantly surprised until someone posted a letter from Godaddy indicating that the Pre use a outdated encoded for certs (not UTF-8) and therefore might not work with their certs either.

    This is way more complicated than it should be and what is irritating is ABSOLUTELY NOTHING official from palm about what will or won't work. Phone support is CLUELESS!!!!!!!!!!!!
  6. #126  
    Pretty sure that mail from GoDaddy that was posted on the Palm Support forums was a boiler plate e-mail referring to issues with the PalmOS (as opposed to WebOS). I found references to the issues Palm devices had with GoDaddy UTF8 encoded certs going back to Oct 2008. There is no solid evidence that is actually an issue with the Pre/WebOS.

    But ditto to realistdreamer on wanting to get more specifics on what configs people have actually gotten working. Near as I can tell it's mainly been self-signed certs.

    ryleyinstl - would love to hear more about your specific config since you are using root and client certs. Our EAS config already has forms based authentication turned off so that was not our issue.

    Overall, agree that this is definitely more complicated than it should be. I am working closely with my IT counterparts in Windows support and they have a pretty good handle on setting up secure mobile device access to Exchange with good sized groups of BlackBerry, iPhone and Palm devices all currently working. How much of the blame for these challenges lies with Palm and how much with Micro$oft remains to be seen, but it seems like many of us are going to have to wait for some sort of fix from Palm.

    - Chris
  7. #127  
    Quote Originally Posted by ckgoodwin View Post
    ryleyinstl - would love to hear more about your specific config since you are using root and client certs. Our EAS config already has forms based authentication turned off so that was not our issue.
    - Chris
    I'm running a stock config of Windows Server 2003 SBS. I installed the Windows Certification Authority and created a self singed certificate for our external OWA URL/domain (xxx.xxxxxx.com). Then I went into the IIS server and made sure that this was the certificate that was being used for connections to the Exchange OWA virtual directory. I then e-mailed the root self signed certificate to the Pre, opened it and accepted it. Then I set up EAS on the Pre.

    I should mention I had no luck just pointing the Pre to xxx.xxxxx.com/exchange, I actually had to tell it to look at the Microsoft-Server-ActiveSync virtual (check to make sure this is secured if you do it) for things to flow.

    Given how easy to is to make your own self signed cert I'm not sure why SSL would be an issue for IT departments to deploy.

    Check your IIS logs to see what is going on. That is what gave me the idea to try connecting to the ActiveSync virtual. Interestingly my Pre tells the IIS server that it is running 1.0.1 of WebOS....strange.
  8. #128  
    i've exported my ssl cert and it tells me to check the time and date.. all is valid on the cert, phone, server

    any ideas?

    i've tried our mail.mydomain.com ssl cert from godaddy.. its installed on the phone

    ugh!
  9. #129  
    I have the certs and everything.. Someone willing to RDC or help me? I'll paypal you or something..

    Is that right? *.mydomain.com

    Really would like this to work.. Otherwise I go back to the blackberry.

    the webmail is mail3.mydomain/exchange

    Code:
    http : /  / www . cirial . com / upload / files / 2 / Untitled.png
    SSL works but is not forced.. so https ://mail3.mydomain works
  10. #130  
    Quote Originally Posted by logie View Post
    i've exported my ssl cert and it tells me to check the time and date.. all is valid on the cert, phone, server
    any ideas?
    i've tried our mail.mydomain.com ssl cert from godaddy.. its installed on the phone
    ugh!
    If you go to mail.mydomain.com with your web browser and use the SSl cert from GoDaddy do you get any warnings/error messages?

    Before you do this make sure to delete any other certs or security exceptions you may have for mail.mydomain.com and re-import the SSl cert from GoDaddy that you are using on the Pre. This will insure that you are testing the same cert as your phone is using.

    May also want to try deleting and recreating the Exchange Account on the phone and/or deleting and reimporting the cert in the Pre web browser.

    Perhaps you could wipe the phone clean with the restore tool and try again.
  11. #131  
    Quote Originally Posted by logie View Post
    Code:
    http : /  / www . cirial . com / upload / files / 2 / Untitled.png
    I could be wrong here but shouldn't the issued to field have your domain in there? If not then the cert will not work (on the Pre)? That's my understanding anyway.
  12. #132  
    Quote Originally Posted by ryleyinstl View Post
    ... I then e-mailed the root self signed certificate to the Pre, opened it and accepted it. Then I set up EAS on the Pre.....
    Thanks for the additional info ryleyinstl. What about the client cert though? In our config, the Exchange admins also generate a user specific client cert for each AD user needing access to EAS. The root cert works ok for us, it's with the client cert that we seem to be having trouble.

    Were you able to get the client cert working as well?

    - Chris
  13. #133  
    Quote Originally Posted by ckgoodwin View Post
    Were you able to get the client cert working as well?
    - Chris
    Sorry I may have lead you astray with my post above from yesterday claiming that I was going root/client cert. I was busy and might not have been reading what I was typing. In fact we have just been using root cert.

    I could create a client cert out to see if that screws it up.

    Also, could your IT folks just set the server to accept client certs (rather than insist on them) for like 2 minutes for you to see if that is the issue?
  14. #134  
    Quote Originally Posted by ryleyinstl View Post
    I could be wrong here but shouldn't the issued to field have your domain in there? If not then the cert will not work (on the Pre)? That's my understanding anyway.
    I edited it out with photoshop for safety..

    I'm going to try the other suggestion, will report back
  15. #135  
    No dice
  16. #136  
    On the phone with Sprint support now, I am able to get to the secure web site. Non-SSL just gives Outbox, but no email or syncing. SSL-EAS gives me the SSL cert. error. Is the date and time correct?
    I have a few cert's installed, but none of them are working...
  17. #137  
    Quote Originally Posted by peregrine View Post
    Based on what I've been able to deduce here, elsewhere on the web, and from my own experience, the answer to this question seems to be a big, fat no. Palm dropped the ball big time, and completely forgot about us non-SSL using customers. How they managed to make this mistake, I really have no idea.

    And you're right; Apple did, in fact, get this right. And why shouldn't they have? It's certainly easy enough. The real question is how Palm managed to f' it up.
    Seriously people it's 2009 SOX,HIPAA,GLB I guess the masses are just a bunch of mom and pop shops that don't need to meet any federal guidelines. No wonder Obama has to have a Cyber Czar because everyone is IT illiterate. Apple did not have support for this at the beginning either. Apple and Palm both f' up by lowering their standards to the lowest common denominator. I guess making money trumps protecting the customer above all else.
  18. #138  
    need help!!!!!!!!!!!!!!!!
  19. BenS_aTm's Avatar
    Posts
    58 Posts
    Global Posts
    69 Global Posts
    #139  
    Exchange is a fun creature to deal with. If you are an IT person and you know Exchange and IIS, then this really should not be an issue. If you are not an IT person, then you should get your IT department to work with it. Also, SSL Certificates are only $20.00 and it makes your email SECURE. I have a Godaddy certificate and it works fine. SBS 2003 and 2008 are definitely a lot easier to configure for Active Sync out of the box. But talk to your IT department and get them to get a SSL Certificate ...
  20. #140  
    Quote Originally Posted by peregrine View Post
    Based on what I've been able to deduce here, elsewhere on the web, and from my own experience, the answer to this question seems to be a big, fat no. Palm dropped the ball big time, and completely forgot about us non-SSL using customers. How they managed to make this mistake, I really have no idea.

    And you're right; Apple did, in fact, get this right. And why shouldn't they have? It's certainly easy enough. The real question is how Palm managed to f' it up.
    It took a few releases of code before their devices would allow connectivity without a valid cert.
Page 7 of 8 FirstFirst ... 2345678 LastLast

Tags for this Thread

Posting Permissions