Cannot install .p12 certs for ssl access [SOLVED] - G4 Q&A, Help & Troubleshooting

Have tried to install certs from different sources. The install from the certificate management storage dialog concludes with a "certificate not installed" message. I have tried a self-signed one that installs on my other devices (Nexus 9, LG G3), but also other test certs, including a Google Developers .p12 cert. Have not been able to install any though.
Edit: Factory reset fixed the problem.

Related

802.1x Settings: Smart Card or Certificate?

I just installed the latest WM6.1 ROM by Kavana. I'm trying to connect to my private/work network, and I need to use EAP type "Smart Card or Certificate", but only PEAP and TLS are listed. Are there any solutions to this issue? I searched on this forum, but could only find the same question asked (but not answered) here:
http://forum.xda-developers.com/showthread.php?p=2028467&highlight=Smartcard#post2028467
Thanks!
Sorry for the lack of details, but I had a similar problem. There are several Google references to various ways to get certificates working. You can also disable certificate checking, which is what I elected to do for now.
To force WM5 or WM6 to accept the PEAP server's certificate without attempting any other validation, add the following registry key:
[\HKLM\Comm\EAP\Extension\25\]
"ValidateServerCert"=dword:00000000
This worked for me. More good hacks and the full article/blog: http://www.mobilewave.ro/forum/topic-2549.html
Can you link to those several references on Google? Why is the smartcard or certificate option missing from this ROM anyway? Are there any registry hacks to get this option back?
Hey man, do your homework and Google, and you can always change the registry entry if you think that the network you are connecting to is not trustworthy. Otherwise I think you will spend many hours of trial and error like I did.
I tried
"ValidateServerCert"=dword:00000000
I am still not able to connect to network. Also as said above, the TLS is not showing the certificates & smartcard. Also when I click on TLS "properties" nothing shows up. I have certificates installed, I can see it from Settings->Security->Certificates.
Any help? It is getting very frustrating.
Bump. Please chime in.

Exchange Problems! 0x800072F17

I really didn't want to post this, honest. I have searched xda. I have searched the web. I have found other threads. I have followed the suggestions. But it seems that my ex-girlfriend may have been right, I'm an idiot.
I can't get my Hermes to connect to my office exchange server. The settings on my end are correct, the issue is on my office's end.
When I sync I get an error and support code 0x80072F17. I know that it's a certificate error.
IT is not going to help me on this one, so I'm on my own. I have tried to manually import the certificate. Didn't work. I tried making a regedit I found on another thread. Didn't work. I tried combinations of various settings. The only time I don't get an error code is when my device begins to endlessly prompt me for my password.
I'm sorry to post, but it's my last option. Does anyone have any workarounds for this error? Is there a way to have my device ignore the certificates? Is there anyone out there that can help??
There must be some way. My colleagues, both of them with HTC Trinitys on original WM5 ROMs, came across this error when the certificate on our Outlook Web Access was about to expire. Me, however, with my HTC TyTN WM6, never got this issue. I'm not sure why. I know I've installed a couple of cert cabs, the one they call sdkcerts.cab and one more. Search for that cab and see if it helps. I always figured it made the device accept non-signed software, but maybe it helps for these kinds of issues as well.
You just must set the correct date and time for your phone and try again.
I'll try and give you a hand...
First off, you need to know a few things to set this up.
(1) The FQDN of your company used to access the OWA (Outlook Web Access), for example, mail.mycompany.com/exchange
(2) The NetBIOS name of your local domain at your office (right click the My Computer icon on your office PC, select Computer Name and note the Domain). If your IT dept did it the recommended way it'll have a .local extension, for instance, lawoffice.local. You'll use just the domain name without the extension, i.e. lawoffice (without the period, LOL).
(3) I absolutely never use my PC to configure my ActiveSync on my devices, just to initially copy the certificate to the Storage Card.
Two ways to do the certificate. First is the method I always used until I discovered the second method, which is in my sig.
(BTW, substitute YOUR FQDN for mine, duhh! )
(1) Install the certificate on your PC by going to the FQDN of your OWA in Internet Explorer 7 on your PC, not your PDA (XP is much easier, Vista is quite difficult to do this).
For example, open IE7 and put mail.mycompany.com/exchange in the address bar. You should initially get a "There is a problem with this website's security certificate" error; click on "Continue to this Website". Now, next to the address bar at the top you'll see "Certificate Error"; click it, then View, Install, Next, Next, Finish, Yes. Then you'll see "The import was successful" (damn, that took a while!)
Close IE 7 completely and reopen it, put "mail.mydomain.com/exchange" in the address bar and you'll go straight to the OWA page, meaning that your import WAS successful, yipee!
(2) Click on Start, Run and type "mmc" and OK. This opens the Microsoft Management Console and you'll see Console1 at the top. File, Add/Remove Snap-In, Add, Certificates, Finish, Close, OK. Now expand Certificates, Trusted Root Certification Authorities, Certificates. Find YOUR certificate in the list. Right click, All Tasks, Export, Next, DER encoded binary, Next, File name. I use c:\mail.mydomain.com so that I can find it easily. Now finish and you'll get the "Export was successful" message.
(3) Connect to your PDA via ActiveSync as a guest (kill your partnership if it exists, you don't need it), copy the cert to your Storage Card and execute it from there.
Now disconnect your PDA and open ActiveSync. Server address is the FQDN of your company without the /exchange, for example, mail.mycompany.com. Leave the check mark on the SSL. Next put your user name, password and the NetBIOS name of your domain. Then configure your options for the number of days to sync, etc.
That's it!
Now... once you do that and it works, follow this thread, Auto-provisioning POP3 or Exchange mail via UC Mini how-to, so you can create a cab to do this automatically!
I had this problem before.
For me, it was due to the fact that I installed CESTAR and it messed up my certs. Uninstalling CESTAR won't fix it. You've got to reload the ROM.
From there, I used Leies' Chinese character support which is free and doesn't mess up the certs.
SOLVED
I have been at this issue for over 2 days now, dealing with the error 0x800072f17. About 5 min ago I fixed it. After narrowing the problem down to a certificate error I then proceeded to look at the certificates. There were two in the certificate store (personal) and both were self-signed.
One was XXXX (server name) and the other was XXXX (company name) CA.
The server name one had expired. Seeing as how it is self-signed, I had our IT admin renew it. He forgot to re-assign it to the Outlook Web Access, so I did it myself in the Internet Information Services console on the server.
This had solved only 1/2 of the problem.
The certificate was assigned to the Exchange server, not the OWA web site. After discovering that I could not change the issued-to name, or create a new certificate (not an admin), I decided to change the ActiveSync settings to sync the INTERNAL OWA address, which is servername.internaldomain.externaldomain.com (this had not previously worked due to the expired certificate).
Now I have a fully functioning push email system.
Nearly all done without admin permissions.
Whilst I'm new to this site, feel free to PM me about it.
Solving this is the most satisfying thing I have done this year lol.
But does this allow you to get/check email from outside your location? Or do you have to establish a VPN first?

At my wits end...ActiveSync error 0x80072f0d

I have searched for 2 days all over the net on how to get rid of this error and have tried every way to import my OWA certificate, but no matter how I do it, the certificate will not install in the root folder which, from everything I have been reading, is why I can't get my sync to work.
Does anyone have any idea how to install the certificate to the ROOT folder and not the INTERMEDIATE folder?
Thank you
Ex2003 SP2 I gather..
Is the cert installed (and working!) on the server? Can you access OWA?
Where did you get the .cert from?
Try grabbing the .cert from your OWA page...
Yes, I can get OWA access; however, I don't know how to check on the server as it is my work server. I am getting the cert from my OWA page and am installing it; however, it is installing the cert to the intermediate folder and the root folder, thus it won't sync.
I had the same problem. I fixed it by turning *off* SSL (even though my office says they require it to be on).
buckaroo said:
I had the same problem. I fixed it by turning *off* SSL (even though my office says they require it to be on).
Well ya, that will work but isn't a very good idea at all for security purposes.
It's not the site cert you need, it's the Certificate Authority cert you need to install on the device, so the device will trust the body that issued the cert to OWA.
If you're the one running the Exchange Server, go to your Certificate Server (ie http://exchange/certsrv ) and click on the "Download a CA certificate, certificate chain, or CRL", then "Download CA Certificate". Install THAT certificate on your device.
Otherwise, direct your IT people to forward you a CA Certificate.
If you built the Exchange Server yourself, you might want to have a looksie here http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
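The distinction drawn in the reply above, between the site certificate and the certificate of the CA that issued it, can be reproduced with OpenSSL: verification succeeds when the issuing CA is supplied as the trust anchor and fails when only the site certificate is. This is an added example, not part of the original thread; the CA and host names are constructed placeholders, and OpenSSL's verifier stands in for the device's certificate store.

```shell
#!/bin/sh
# Added example. All keys, names and certificates are constructed throwaways.

# make_chain DIR: write ca.pem (self-signed CA) and site.pem (issued by it).
make_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Corp CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=mail.mycompany.com" \
        -keyout "$dir/site.key" -out "$dir/site.csr" 2>/dev/null &&
    openssl x509 -req -in "$dir/site.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/site.pem" 2>/dev/null
}

# trusts ANCHOR CERT: succeeds only if CERT verifies with ANCHOR supplied
# as the trusted certificate file.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# is_self_signed CERT: a root certificate names itself as its issuer, so its
# subject and issuer hashes are equal; a site (leaf) certificate's differ.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Demo: try each file as the only certificate installed as trusted.
tmp=$(mktemp -d) || exit 1
make_chain "$tmp" || exit 1
for anchor in ca.pem site.pem; do
    if is_self_signed "$tmp/$anchor"; then kind="self-signed root"; else kind="leaf"; fi
    if trusts "$tmp/$anchor" "$tmp/site.pem"; then result=accepted; else result=rejected; fi
    echo "trusted file $anchor ($kind): site.pem $result"
done
rm -rf "$tmp"
```

The same subject/issuer comparison is a quick way to tell which of two exported files is the CA certificate before copying it to a device.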
gregorypleau said:
It's not the site cert you need, it's the Certificate Authority cert you need to install on the device, so the device will trust the body that issued the cert to OWA.
If you're the one running the Exchange Server, go to your Certificate Server (ie http://exchange/certsrv ) and click on the "Download a CA certificate, certificate chain, or CRL", then "Download CA Certificate". Install THAT certificate on your device.
Otherwise, direct your IT people to forward you a CA Certificate.
If you built the Exchange Server yourself, you might want to have a looksie here http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
Thank you, this makes more sense now.
buckaroo said:
I had the same problem. I fixed it by turning *off* SSL (even though my office says they require it to be on).
Well, so much for your IT department. They shouldn't let the server authenticate w/o the certificate.

WebRequest with SSL

Hi,
I need to use an HttpWebRequest to send a POST/GET request to an SSL-secured web site. But the SSL certificate is not one of the installed ones, so the phone cannot really connect to the server, and just throws a "not found" exception. When I download the certificate, send it to my phone via email and install it, it works. Now here is my question: how can I fix this, or circumvent the MS restrictions?
If you have an idea, please tell me...
Issue a certificate from a 3rd-party authority and do not use self-signed certificates. You can buy a certificate from VeriSign, for example, for your web server.
You can't use a StartSSL free certificate because the root authority of the StartSSL servers is not installed in our devices.
Because VeriSign certificates are very expensive you can try GeoTrust or RapidSSL.
It is not possible to change the certificate because the server to which I want to send the request is a Wi-Fi router with a self-signed SSL certificate...
There is no way to circumvent the cert check via code. The only thing you can do is to install the cert on the phone.

microg / playstore / signature spoofing

So, I know nothing about Linux, I know about Android only as much as every other phone user. I used Android emulators, one day I thought hey, what if you just use Android as an OS, and I found this new dimension, almost.
Now, I installed the last Bliss OS, I had many crashing problems (installing apps from apkpure caused a crash, installing from the built-in file manager also caused a crash) and I figured pretty much all of those problems stem from notification problems. So I went and disabled all notifications, app by app, including system UI notifications. Now I can install anything from apkpure, I don't receive any crashing.
Another problem was with vertical apps. They didn't show properly; solved that problem with the built-in orientation tool.
Now, I want to know wth this microg thing is. I can install any apk from apkpure so I don't need the store for that. I am also okay with playing games in guest mode. All I want is being able to ignore the Google login part. (Edit: I just installed another game in which you log in with the Plarium registration method, which also stopped working when the loading bar was showing "connecting to store systems". Makes sense, I guess.)
The microg thing has a self check and I guess when everything is checked it will do exactly that? It will fool apps as if I have Google Play while I don't? So I need a tutorial about that. What's unchecked for me?
system has signature spoofing support CHECKED
system grants signature spoofing support CHECKED
system spoof signature UNCHECKED
play services gmscore installed CHECKED
play services gmscore has correct signature UNCHECKED
playstore phonesky installed CHECKED
playstore phonesky has correct signature UNCHECKED
(everything else between checked)
last entry called "network based location enabled" UNCHECKED. (it says you either disabled this in system setting which i didn't or the system is not supported)
thanks in advance.
I have a similar problem - I managed to get some of the unchecked checked by clicking on the option itself and sometimes a dialog would come up asking to grant some sort of permission. But I am still stuck with 'System spoofs signature' and 'Play Services (GmsCore) has correct signature' unchecked.
Does this mean the signature spoofing is not happening? If so I'm not sure what else I need to do to get it set up on Bliss OS 11.14.
