  1. #321  
    My thanks to Preemptive for his kelp and support.

    But I'm like a rusty old wheel. I need to go back and study some of the basics on how the entire email concept was derived and how it works. I guess I'm like the great majority of email users, I use email (hereinafter known as gmail) but I never studied what goes on behind the scenes. I only recently got involved when I decided to awaken my HP Touchpad from the grave and try to get it to work with the gmail app. I decided to try the IMAP SSL concept. So, I DO have a great deal to learn, but patience is a virtue, and I will make it my quest to understand how all of this works. My perspective at this time is that most of this is much more complicated than I had imagined. Some of the tech guys posting here are way more advanced than I am, but I need to learn, and that will take some time. I have to say that this WebOS forum is absolutely first class...where would we be since Leo Apotheker pulled the plug at HP, and the demise of the HP Touchpad. It was on the consumer market for only 45 days! I only wish that I could also contribute more helpful info on this forum.
  2. #322  
    Quote Originally Posted by Jeff Marshall7 View Post
    My thanks to Preemptive for his kelp and support.
    Like I always say, "You can't harvest the seaweed without getting your feet wet."

    I'm no tech-expert. I just try to follow along and sometimes write up help in these forums into pivotCE articles for average users like me.

    Don't forget this:
    Last edited by Preemptive; 08/15/2015 at 03:05 AM.
  3. horzel
    Thinking through what NIN_ru mentioned.

    So for xs4all, it was enough to add the * cert, since falls into the asterisk.

    A * cert will then not help, since we connect to, not

    So just a cert for * should be enough.

    Or both the and

    But we should not need any others

    -- Sent from my Palm Pre3 using Forums
  4. horzel
    Adding to that...

    Where he writes libpalmsocket will accept certificates, if it can find matching.

    In other words, any time we have an imap or smtp server not working because of this error, we just need to grab the corresponding certificate for those servers.

    As I understand we do not need to follow the chain.

    -- Sent from my Palm Pre3 using Forums
  5. #325  
    Yes, this is a bug in openssl, or maybe a feature that is not implemented. mobi.optware.openssl (0.9.8l) can't help us because the ability to use the digest algorithm that we need was added starting from 1.0.
    My idea (originally yours) is to run the imap email service (used by the email app) linked to a newer openssl. So we need to recompile it (actually only libpalmsocket). I did that, but it didn't work for me, so I guess it's better to avoid different openssl versions being used simultaneously. Instead, we can run only the updated imap service in its own environment; the whole of LuneOS is not needed, just if you have LuneOS already, you can use this way right now.

    I agree that a script that updates certificates is the practical solution for now, but in the long term, when the webOS openssl version is outdated, it probably will not work. Actually, that time has already come for webOS 1.4 (as far as I read). Using this way, if we are lucky and Palm has not heavily modified mojomail-imap since webOS 1.4, we can try to use gmail on it.

    I guess gmail in the browser just works because it's a web interface, and doesn't directly use imap and smtp.

    Quote Originally Posted by horzel View Post
    In other words, any time we have an imap or smtp server not working because of this error, we just need to grab the corresponding certificate for those servers.
    Yes, you are right.
  6. #326  
    As we get closer to the Nov. 15 date, I'm hoping one of the smarter guys here on this forum will download the latest certificate and post it on this forum or possibly a link to it. If this happens, I will be able to download it to my PC and then copy it to my Touchpad using the USB cable interface. This is what I did with the current cert...the one that we have been calling google5.cert. For me, this seems to be the best solution for adding the newest certs. All the recent talk about OpenSSL.exe and OSSH is a little too complicated for me at this time, even though it is good advice. I'm still new to all this stuff, but I'm learning.
  7. #327  
    Oh, if they continue the way they have been, they'll update the IMAP cert dozens of times before Nov 15th.
  8. #328  
    After reading all the recent posts here, I've been thinking about all this cert stuff. So my question is...why does Google keep updating the cert so frequently? And why does this cert have a life span stated only in DAYS, not months or years? Is Google worried about hackers and attacks? An even better (dumber) question is why does Google need any certs at all? Maybe it's a built in requirement to run SSL. It just seems that these certs are creating a big headache for a lot of people.
  9. #329  
    The do-no-evil version is protecting against fake certificates until everyone is using more secure encoding methods. The conspiracy-theory version is they are trying to annoy people using old mobile devices into replacing them with new ones.
  10. horzel
    So let me do a short write up:

    Make sure you have the latest version of WebOS Quick Install; 4.6.0

    I am skipping the step of making sure you can connect to your device, those threads exist already.

    So after opening WOSQI, and your device is connected, go to Tools, Linux Commandline
    A command screen opens, running on your Palm Device, please copy and paste:
    openssl s_client -connect
    I have chosen to run the command without -showcerts, since we only need the lowest cert

    The resulting output will look like:
    depth=3 /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    verify return:1
    depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
    verify return:1
    depth=1 /C=US/O=Google Inc/CN=Google Internet Authority G2
    verify return:1
    depth=0 /C=US/ST=California/L=Mountain View/O=Google Inc/
    verify return:1
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/
       i:/C=US/O=Google Inc/CN=Google Internet Authority G2
     1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
       i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
       i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
    Server certificate
    -----END CERTIFICATE-----
    subject=/C=US/ST=California/L=Mountain View/O=Google Inc/
    issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
    No client certificate CA names sent
    SSL handshake has read 3211 bytes and written 399 bytes
    New, TLSv1/SSLv3, Cipher is RC4-SHA
    Server public key is 2048 bit
    Compression: NONE
    Expansion: NONE
        Protocol  : TLSv1
        Cipher    : RC4-SHA
        Session-ID: 9F82225F93C952BEDFAD579CEDB1F3F30409A1A557EE4C4BA199942F87D35BFD
        Master-Key: 2661C94DD022C99C94F754D8B65FB05275DCBD24BB5CF18F758F68C1A488E7A7B4931218D1D3DEB1CECC11FBBAA83E5A
        Key-Arg   : None
        Start Time: 1439737253
        Timeout   : 300 (sec)
        Verify return code: 0 (ok)
    220 ESMTP fq15sm17610013wjc.12 - gsmtp
    From this you need to copy starting the line with: -----BEGIN CERTIFICATE----- to the line with: -----END CERTIFICATE-----

    Paste this in your favourite Notepad program, save it as eg "Gmail - Cert - SMTP.pem", make sure to set the "save as type" to "All files", to prevent Notepad from adding .txt

    Repeat these steps for IMAP, suggested name: "Gmail - Cert - IMAP.pem"
    openssl s_client -connect
    You now should have both needed pem files, you can close the command line, but keep WOSQI open.

    In WOSQI, now go to Tools again, but this time choose Send File

    Browse to where you saved the pem files, take one of them, in Destination type:
    click Send to Device

    Repeat for second file

    Now you can close WOSQI, disconnect your device and open the Certificate Manager on device. Open the Device info/Geräteinfos, open the Preferences menu, choose Certificate Manager.

    In Certificate Manager you can now add the new certificates, by using the plus icon in the right hand corner, this should show the pem files you have just put on your device.
  11. horzel
    Or saving the cert on device right away:
    echo | openssl s_client -connect 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /media/internal/certxs4all.pem
    linux - Using openssl to get the certificate from a server - Stack Overflow
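
A checked variant of the fetch-and-save step from the two posts above, added here as an example and not code from any poster: it works on saved `openssl s_client` output, keeps only the first certificate block (so a capture made with -showcerts does not drag the whole chain in), and refuses to save when the verify return code is not 0. The function names and the sample capture are constructed for illustration, and `describe_cert` assumes the local openssl accepts `-fingerprint -sha256`.

```shell
# Added example; works on saved `openssl s_client` output (see sample below).
# Print only the first PEM block (the depth-0 server certificate), even when
# the capture was made with -showcerts and holds the whole chain.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { inblk = 1 }
         inblk                         { print }
         /-----END CERTIFICATE-----/   { if (inblk) exit }'
}

# Print the numeric code from the "Verify return code: N (...)" line.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Save the leaf from capture file $1 to $2 only if the chain verified (code 0).
save_leaf_if_verified() {
    code=$(verify_code < "$1")
    if [ "$code" != "0" ]; then
        echo "not saving: verify return code is '${code:-missing}'" >&2
        return 1
    fi
    extract_leaf_pem < "$1" > "$2"
    grep -q -e '-----END CERTIFICATE-----' "$2"
}

# Show what is about to be trusted, so the fingerprint can be compared with
# one taken from a second machine or network before the file is imported.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

# Constructed capture (placeholder bodies, not real certificates).
sample_capture() {
    cat <<'EOF'
 0 s:/C=XX/O=Example/CN=mail.example.invalid
-----BEGIN CERTIFICATE-----
CONSTRUCTED-LEAF-BODY
-----END CERTIFICATE-----
 1 s:/C=XX/O=Example/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED-CA-BODY
-----END CERTIFICATE-----
    Verify return code: 0 (ok)
EOF
}

sample_capture | extract_leaf_pem   # demo: prints the three leaf lines only
```

To use it on a real capture, redirect the `openssl s_client` output from the posts above into a file, run `save_leaf_if_verified capture.txt leaf.pem`, then `describe_cert leaf.pem` before importing the file.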
  12. #332  
    Is this how to make my own cert ANYTIME the triangles return? Or will this prevent triangles from ever returning? Please confirm or clarify. Thanks again!

    Damn triangles! Lol
    Sporting my 13th Pre device, a NOS unlocked ROW Pre3!
  13. #333  
    Quote Originally Posted by TJs11thPre View Post
    Is this how to make my own cert ANYTIME the triangles return? Or will this prevent triangles from ever returning? Please confirm or clarify. Thanks again!

    Damn triangles! Lol

    This is what needs to happen every time Google updates the certificate. It's the command that is in my script. I can post it now, or everyone can just run that, while I work on making it run periodically. Running it daily would be preventative action, though there's still a good chance a manual run will be required once in a while if the update happens between script executions.
  14. #334  
    It would seem that the great majority of people using Gmail, know absolutely nothing about SSL certificates. All they want to do is send and receive messages using Gmail. Many are most likely unaware that their messages are being sent and received using HTTPS. So this must mean that the Gmail program can be installed on almost any computer that uses the most popular OS software such as MS Windows, or Apple IOS. The end user does not need any technical knowledge about how it works. But it appears that when running WebOS, some technical knowledge IS required. We don't have MS or Apple to do the leg work for us. We have to get involved and do the leg work ourselves. In fact, when I wanted to set up IMAP Gmail on my Touchpad, Google supplies all the relevant settings...port numbers, SSL, TLS, server names, etc. But they never mention anything about certificates. And yet they are required. How strange is that? And it seems that they update their server certificate quite often, almost at random. So, if we do the required work, we can download and install their latest cert. You would think that Google would make their latest server cert. available for anyone to download and install on their client without a lot of technical knowledge...even when using WebOS. How hard could that be?
  15. #335  
    I know it's a bit confusing if you aren't real technical. It isn't that Google isn't making the certificate available, because they are - it's being returned automatically with the response from the mail server. The problem is the email client isn't able to automatically accept the new format of the cert, even though the browser is able to. Based on the article I read, it appears to be a security precaution due to weaknesses in the old encoding method. The biggest problem is that webOS is no longer supported by Palm or HP, who would need to make the required updates to accommodate the new certificate. Because of that, we are left to find solutions on our own.
  16. #336  
    It was also done by webos automagically like in all other OSes until this year google changed (for good security reasons a.k.a Snowden sake) to a new hash algorithm, explained e.g. here:

    On top e.g. supported browsers will have old style certificates marked as bad and will display a user message, which could happen in Mailclients too.

    The problem is that as you mentioned we don't have a vendor backing us by updating all the apps to have that advanced security still working automagically. On other unsupported OSes you would have to do that manual work too.

    Why they changed it so often is to their wisdom only, I generated our company's sha256 only once, but I think their "5th" iteration now is stable for over a week, so perhaps there is hope
  17. #337  
    Dann grabber why are you up so soon this time, now we have "double post"
  18. horzel
    Even though it is double, you both explain it in different words, which gives more people an option to understand

    -- Sent from my Palm Pre3 using Forums
  19. gsfx
    Quote Originally Posted by gizmo21 View Post
    Here is another one, I wonder why the whole trustchain is not working correctly. Usually those servercert changes are common and are not a problem as long as the cert chain to the CA is correct. Shouldn't we just add the new geotrust CA cert and google G2 cert to the trusted CAs folder on device instead of adding them in certmanager and shouldn't bother about the imap certs anymore?

    Mambo eerg Certificate Nr 5:

    -----END CERTIFICATE-----
    Attached google5imap.pem now as .pem.txr rename to .pem and open it with Certmanager or internals Pro.
    This one did it! Thank you!
  20. #340  
    Thank you gizmo21 for providing the certificate for GMail. It has got my Pre3 working with GMail again.

    Richard Corner
