So.. with Nexus One's Activsync integration, there was an option "accept all ssl"
With my incredible, it does not have that option (that I can see).. Therefore with a custom certificate from my company's security team, I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Thoughts? Solutions?
Please move this to appropriate forum if I'm in wrong place. Thanks in advance.
I allowed me to chose SSL. From in your Exchange Active sync do the following:
Menu -> More -> Settings -> Account Settings
Scroll down to below the password or you can close the virtual keyboard and you should see it.
Thanks for your reply..
However, that option just says "This Server requires an encrypted SSL connection"
The old version had an option to accept all SSL Certificates.
This means, a custom signature coming from a very large technology company's, very extensive IT security team, will be accepted in any way shape or form.
Alternatively, if the certificate is "not from a trusted authority", then you get the warning over and over and over and over.. whether you accept it or not.
my company is using a godaddy cert, it works fine. i tried setting it up for a client who has 07 exchange and a cert, but its not a well signed one, it wouldnt work at all. so not that it is the best solution but u could get a godaddy cert for yourself.
iamodogg said:
I constantly get warnings for the certificate. Very annoying and prevents me from syncing well.
Click to expand...
Click to collapse
What is the warning? Do you know if they have their cert setup correctly?
I'm currently using the Touchdown app and using SSL. I haven't seen any warnings.
Touchdown will work fine. The certificate is obviously custom-built. We are a 60k employee company. They are not going to change the very for the limited android users.
Again, the 2.0 OS had a feature built in that allowed you to choose to accept all certificates.
Thanks for the work around/alternatives. Still hoping for a fix.
-------------------------------------
Sent via the XDA Tapatalk App
i had a clients incredible and it just wouldn't work, they were using a self sign certificate and exchange 07. i tried every setting i could, even after the software update1. yesterday i was determined to get it to work so i searched and searched. It just keep saying it couldnt authenticate. From what I found a couple things could work.
What I did:
I opened the browser and went to the company owa site. https://mail.company.org/owa, then onces there I could log in. I logged in as the user and it asked me to accept the certificate so I did. Then I was able to get into the users box. Then I added the exchange activesync account next and it work with one minor change in the domain field ( i just erased it). Form what I understand the autodiscover service on IIS needs to be running and working. Not 100% sure, but I got it to work so its worth a try.
What I tried, but didnt work:
Several sites said as long as you are connected to the network, but don't have internet then so the setup and it will continue. Then once it is setup then plug the internet back in and it will ask you to accept the cert and u just say yes. the option which you are talking about no longer looks available. Again its worth a try
Hope this helps
Yeah not sure what the OP means by "Custom Cert" as it's either a valid cert from a trusted CA or it's self signed. Nothing in between. I don't know why a company with 60K employees though would not have a valid SSL cert though...
Look at the cert properties and make sure the server name you are using on the phone matches the name on the cert exactly (if you haven't checked that already). This is the "Issued to:" field...
All of a sudden I can no longer disable my screenlock. I recently enabled it briefly during a week long trip out of the country (in case the phone got stolen or lost), but am now unable to disable it.
When I go to Settings->Security->Screenlock, it asks for my PIN, and then I am given the standard screen to "Select screen lock".
The options are as follows:
None (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Slide (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Face Unlock (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Pattern (Enabled)
PIN (Enabled)
Password (Enabled)
I have 3 gmail accounts, neither of them have any sort of device administrative features that I know of enabled.
Any ideas?
npike said:
All of a sudden I can no longer disable my screenlock. I recently enabled it briefly during a week long trip out of the country (in case the phone got stolen or lost), but am now unable to disable it.
When I go to Settings->Security->Screenlock, it asks for my PIN, and then I am given the standard screen to "Select screen lock".
The options are as follows:
None (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Slide (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Face Unlock (Grayed out)
Disabled by administrator, encryption policy, or credential storage.
Pattern (Enabled)
PIN (Enabled)
Password (Enabled)
I have 3 gmail accounts, neither of them have any sort of device administrative features that I know of enabled.
Any ideas?
Click to expand...
Click to collapse
Check Security->devices administration if there is anything like an app or an account that is running like an administrator delete it and try again.
Also when i had problems with face unlock freezing and rebooting i just unistalled some apps and then it was working flawlessly.
Hope that helps.
Sent from my Galaxy Nexus
The only thing there is Lookout, and it is not enabled.
EDIT: Uninstalled Lookout, still disabled
Do you have full device encryption or a work exchange account on the device?
Do you use a VPN connection?
No exchange accounts, only gmail accounts. I even removed all but my primary gmail account to see if it would make a difference.
I do have a VPN connection, but it is not active. (and pre-dated this problem)
Thanks for the suggestions so far
npike said:
No exchange accounts, only gmail accounts. I even removed all but my primary gmail account to see if it would make a difference.
I do have a VPN connection, but it is not active. (and pre-dated this problem)
Thanks for the suggestions so far
Click to expand...
Click to collapse
If you have VPN credentials stored, you are required to use a "secure" screen lock. Something may have glitched and not required it when you set up the account, but my guess is that is what is preventing you from disabling the screen lock.
Were you using the facial recognition unlock earlier? I think the system lets you slip by if you have that set before entering credentials, but won't let you choose it afterwards.
I had the same problem when i tried to setup an exchange email account and installed a certificate.
Fixed it by deleting all certificates.
Settings>Security>Clear credintials
It's probably not the "correct" answer but if you can't get it sorted out try the app "No Lock" which disables the lock screen. I used it for the longest time and it worked great.
Quick simple question.. Do you have the "lock screen when pressing power button" tickbox checked?
rsalama said:
I had the same problem when i tried to setup an exchange email account and installed a certificate.
Fixed it by deleting all certificates.
Settings>Security>Clear credintials
Click to expand...
Click to collapse
That did the trick, Thank YOU!
Lock screen
You Should go
setting/security/credential Storage/clear credential
then ok.
codesplice said:
If you have VPN credentials stored, you are required to use a "secure" screen lock. Something may have glitched and not required it when you set up the account, but my guess is that is what is preventing you from disabling the screen lock.
Were you using the facial recognition unlock earlier? I think the system lets you slip by if you have that set before entering credentials, but won't let you choose it afterwards.
Click to expand...
Click to collapse
Thank you codesplice! I had the same problem today and your answer helped me solved the problem. The screenlock could be disabled right after I deleted the VPN account.
codesplice said:
If you have VPN credentials stored, you are required to use a "secure" screen lock. Something may have glitched and not required it when you set up the account, but my guess is that is what is preventing you from disabling the screen lock.
Were you using the facial recognition unlock earlier? I think the system lets you slip by if you have that set before entering credentials, but won't let you choose it afterwards.
Click to expand...
Click to collapse
Removing my VPN connection solved the problem for me!
My 2 cents. I had the same issue today when i tried installing corporate email. The certificate had me setup a screen password encrypt my card and another bunch of things. Soon i got pissed off by the password prompt and decided to delete my mail account and rebooted. Guess what.. the credentials did not go. my password could not be disabled. I even tried clearing credentials in security but it did not help. I check device administrators and there was nothing.
So here's finally what solved the issue. The device administrator got deleted when i uninstalled the email account. So i re setup my account and then went back into the device administrators. Now i saw email app as a device admin. It has a check box which was enabled. i disabled it.. rebooted the mobile and cleared credetials again. Again reboot and was able to disable lock. Key was to disable the administrator while the app was installed.
rsalama said:
I had the same problem when i tried to setup an exchange email account and installed a certificate.
Fixed it by deleting all certificates.
Settings>Security>Clear credintials
Click to expand...
Click to collapse
thanks - that worked! I have had a VPN connection setup and then deleted it. It still did no allow me to remove the screen pattern. After deleting all the certificates it finally worked.
reza1reza1 said:
You Should go
setting/security/credential Storage/clear credential
then ok.
Click to expand...
Click to collapse
Obviously the credentials are there for a purpose. So this is bad advice, unless you can explain why everybody can suddenly do without the credentials.
If your little finger itches, would you hack it off?
rsalama said:
I had the same problem when i tried to setup an exchange email account and installed a certificate.
Fixed it by deleting all certificates.
Settings>Security>Clear credintials
Click to expand...
Click to collapse
It worked!!! Thanks a lot!!
rsalama said:
I had the same problem when i tried to setup an exchange email account and installed a certificate.
Fixed it by deleting all certificates.
Settings>Security>Clear credintials
Click to expand...
Click to collapse
npike said:
That did the trick, Thank YOU!
Click to expand...
Click to collapse
my clear credential is also gray
Sure fix
This didn't work for me too. The fix is download clean master and in accessibility settings turn on clean master. If nothing work,this will surely
Has anyone discovered any tweaks to HTC Sense 4.0 that enable you to set a trusted credential password independent from a phone PIN or password?
In order for me to access the WLAN and email at work, we use software certificate based EAP-TLS. While there are several ROMs that feature modified Exchange support to remove the need for admin rights elevation for the mail profile, I haven't found a way to store my software certificate in the trusted credential cache without setting a phone PIN or password. In older versions of Sense, I was able to set a strong password for the encrypted credential store and use a different security policy for phone unlock. But with Sense 4.0 I am forced to select either PIN or password, neither are ideal for me.
Using the same PIN for the phone and credential storage isn't what I would like as a 4 digit PIN isn't strong enough for the trusted credentials. But there is no way that I want to type in a 12 character mixed case strong password that I would use for the credential storage every time I want to unlock my phone.
Can anyone recommend a ROM that might have the ability to set the security on the trusted credentials and certificates separately? If not, are there any security mods that might let me change the "Lock Phone after" duration to something higher than 15 minutes?
Hello
I've seen similar requests for VPN/Email.
But haven't found a way to do this in my case.
I'm using a 802.1X Wi-Fi, which needs a trusted CA certificate. After installing it I was forced to used graphic unblock, PIN or password.
Is there a way to remove this restriction and use normal slide unblock?
Also I'm using Exchange email on my phone. But I configured it after I installed Certificate, so I didn't even know that it may cause me use graphic unblock too.
So I guess I need to disable this restriction for both - certificate and exchange email.
Is there a way to do so?
I am trying to setup the default email app but it does not work. I need to configure my gmail account there. I tried both automatic and manual setup (IMAP, imap.gmail.com, port 993, SSL/TSL). But I always receive this message: "Problem with account setup. Username or password is incorect." But I am completely sure that I type my usernam (= my gmail address) and password correctly.
Babovka said:
I am trying to setup the default email app but it does not work. I need to configure my gmail account there. I tried both automatic and manual setup (IMAP, imap.gmail.com, port 993, SSL/TSL). But I always receive this message: "Problem with account setup. Username or password is incorect." But I am completely sure that I type my usernam (= my gmail address) and password correctly.
Click to expand...
Click to collapse
It might be a silly thing to ask, but do you have two step authentication enabled?
Actually, I believe the issue is to do with allowing less secure applications to access your GMail account - there is more about this here: https://www.ghacks.net/2014/07/21/gmail-starts-block-less-secure-apps-enable-access/ and for security reasons, I do *not* advise you to allow less secure applications to access your account. Instead, get a better application.
I repeat, I advise you NOT to allow less secure applications to access your account.
marco-v said:
Actually, I believe the issue is to do with allowing less secure applications to access your GMail account - there is more about this here: https://www.ghacks.net/2014/07/21/gmail-starts-block-less-secure-apps-enable-access/ and for security reasons, I do *not* advise you to allow less secure applications to access your account. Instead, get a better application.
I repeat, I advise you NOT to allow less secure applications to access your account.
Click to expand...
Click to collapse
I guess you're right. But the problem is that if the OP doesn't use GApps in LineageOS, only the default email and some others you can install from F-Droid will be available, but they're all the same (unless you know some alternative I don't). I'm trying to setup ProtonMail, but the developers said it is impossible to be done outside the browser or the Play Store app right now.
It would help if the people who made the email service created an open source app that could be included in F-Droid. Very few care about free software