maemo.org Bugzilla – Full Text Bug Listing
|Summary:||exchange sync cant handle certificate exceptions|
|Product:||[Maemo Official Platform] Synchronization||Reporter:||Justin <justin>|
|Component:||Mail for Exchange||Assignee:||unassigned <nobody>|
|Status:||VERIFIED FIXED||QA Contact:||activesync-bugs|
|Priority:||Low||CC:||andre_klapper, greg6900, jan.grabski, justin, maemo, terminal3, tuomaksen.spammiposti|
SOFTWARE VERSION: Maemo 5 1.2009.11-42.002 EXACT STEPS LEADING TO PROBLEM: 1. set up exchange sync 2. enter server and select SSL(note server requires certificate exception) 3. click Next and server connection fails with m essage saying server unavailable or account disabled EXPECTED OUTCOME: Ability to select certificate excpetion in mail app for mail servers ACTUAL OUTCOME: REPRODUCIBILITY: always EXTRA SOFTWARE INSTALLED: OTHER COMMENTS: User-Agent: Mozilla/5.0 (X11; U; Linux armv7l; en-US; rv:1.9.2a1pre) Gecko/20090928 Firefox/3.5 Maemo Browser 126.96.36.199 RX-51 N900
Thanks for reporting this. (In reply to comment #0) > EXACT STEPS LEADING TO PROBLEM: > 1. set up exchange sync For future reference, please provide exact steps- This is too vague. Which exact Exchange version does this refer to? What is the exact error message?
--> moreinfo as per last comment.
I visit company webmail site on N900. Page opens and indicates certificate is not approved. Prompts me to accept. This webmail site has a certificate that doesnt match since address(a .aero domain) is forwarded to a different domain(our .com domain). Certificate is verified by a random internal server. Bottom line, it requires you to make an exception which the browser handled no problem. SO: I try to set up Exchange access to my company's Exchange 2003 system using N900 Mail For Exchange option in Settings(note, same outcome when done from Mail app). I enter my email address, user name, password and click Next. It generates Credentials. I enter the Exchange server(same as our webmail site that needed the certificate exception in the browser) and leave SSL(port 443) checked). Click Next. Tries to connect to server and fails with error: "Error. Either server requires secure authentication or account is disabled." It does not allow me to create a certificate exception and doesn't recognize the exception I created in the browser. I had the same issue with my iPhone when it first offered Exchange. I had to wait for a next software rev to handle the certificate in the mail app. Hope that helps. Love the OS though, keep up the good work!
When using self signed root sertificate (using exchange 2007) I had very big problems getting the sync going, the wizard always ended with error "Error: Either Exchange server requires secure connection or account is disabled". I found out that MfE uses certificates from /home/user/.activesync/certs which has symlinks from /etc/certs/common-ca/. But the user imported sertificates go to /home/user/.maemosec-certs/ssl-ca and these are not symlinked to the activesync folder. After manually doing the symlink in xterm, I got the MfE working.
Confirmed using Labra's method, imported self-signed or private certificate authority chains are not recognized by MfE.
I get the same error when trying to sync with google calendar. There is also a domain name mismatch (gmail.com vs m.google.com) there, so could this be the same problem a lot of folks are complainig about on the forums?
(In reply to comment #6) > I get the same error when trying to sync with google calendar. Unrelated - Google is not supported, see bug 6343...
This has been fixed in package 10.2010.07-7 which is part of the internal build version as-daemon 0.0.3-29+0m5 (Note: 2009/2010 is the year, and the number after is the week.) "Checked this in 2007 exchange server with self signed certificate. Was able to configure the account after ignoring the "Invalid Certificate"." A future public update released with the year/week later than this internal build version will include the fix. (This is not always already the next public update.) Please verify that this new version fixes the bug by marking this bug report as VERIFIED after the public update has been released and if you have some time. To answer popular followup questions: * Nokia does not announce release dates of public updates in advance. * There is currently no access to these internal, non-public build versions. A Brainstorm proposal to change this exists at http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/
Setting explicit PR1.2 milestone (so it's clearer in which public release the fix will be available to users). Sorry for the bugmail noise (you can filter on this message).
(In reply to comment #8) > This has been fixed in package > 10.2010.07-7 > which is part of the internal build version > as-daemon 0.0.3-29+0m5 > (Note: 2009/2010 is the year, and the number after is the week.) > > "Checked this in 2007 exchange server with self signed certificate. > Was able to configure the account after ignoring the "Invalid Certificate"." > > A future public update released with the year/week later than this internal > build version will include the fix. (This is not always already the next public > update.) > Please verify that this new version fixes the bug by marking this bug report as > VERIFIED after the public update has been released and if you have some time. > > > To answer popular followup questions: > * Nokia does not announce release dates of public updates in advance. > * There is currently no access to these internal, non-public build versions. > A Brainstorm proposal to change this exists at > http://maemo.org/community/brainstorm/view/undelayed_bugfix_releases_for_nokia_open_source_packages-002/ > Andre, whre can I find and install as-daemon 0.0.3-29+0m5 package ? Thanks, Greg
(In reply to comment #10) > whre can I find and install as-daemon 0.0.3-29+0m5 package ? > Thanks, > Greg I answered this already: > This has been fixed in the **internal** build version as-daemon 0.0.3-29+0m5. > A future **public** update released with the year/week later than this internal > build version will include the fix. (This is not always already the next public > update.)
*** Bug 10152 has been marked as a duplicate of this bug. ***
Tested this on my company email and it works perfectly. Asks if I want to ignore the certificate issue and then proceeds to do first sync. Nice work!