Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Treo Cannot Sync without Root Certificate
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
After updating to Versamail 3.5 (and the Active Sync update) I can not longer authenticate to KMS. I am asked for a root certificate. The Admin manual (p. 378) states that one can navigate to a secure web page for the mail server and load the certificate, which I did manage to do after locating a SSL-ready browser. (Blazer is not.) Yet the connection still would not authenticate, and I was again asked for a root certificate.

Thereupon I set about using Palm's Windoze app to create a root certificate, which did not work. Much googling confirmed that NO ONE seems able to add a self-signed certificate to a Treo and get it to sync with an Exchange server.

The only fix seems to be to BUY a certificate and load it on your server, but KMS speficially says that no third-party add ons are required.

As I mention, all was working fine until I updated to the new and improved payware Versamail, so I'll probably revert. This will require a hard reset and a general rebuilding of everything from scratch.

So . . . anyone been able to add an SSL certificate from KMS to enable them to use a handheld (specifically Treo 650) to connect via Active Sync?
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
ok fwiw i figured this out, but all's not well.

i used the palm certificate modification tool, available here:

http://www.palm.com/us/support/downloads/versamail/certmodto ol.html

this allowed me to add my kms ssl certificate to the palm database of "approved" certificates. beware that it was not working with the certificate i exported from kms, but only from the one i grabbed with firefox ON A PC, not a mac, which seems incompatible with the tool.

did a hard reset and a fresh install of everything before adding the new cert.db

BUT, while i am no longer getting certification errors, i STILL cannot connect to kms with versamail 3.5.

while i was able to connect with versamail ver. 3.1, after "upgrading" to versamail 3.5 ( http://software.palm.com/us/html/display_palm_product.jsp?id =prod2430706) and adding the active sync update for treo ( http://software.palm.com/us/html/display_palm_product.jsp?id =prod4761800) mail hangs at "receiving."

the debug log shows:

[31/Mar/2007 01:20:42][42887680] {auth} Krb5: entering auth (user: chris<_a.t_>SERVER.BROOKLYN.COM)
[31/Mar/2007 01:20:42][42887680] {auth} Krb5: user chris<_a.t_>SERVER.BROOKLYN.COM authenticated.
[31/Mar/2007 01:20:44][42887680] {auth} Krb5: entering auth (user: chris<_a.t_>SERVER.BROOKLYN.COM)
[31/Mar/2007 01:20:44][42887680] {auth} Krb5: user chris<_a.t_>SERVER.BROOKLYN.COM authenticated.
[31/Mar/2007 01:20:44][42887680] {activesync} Client: PLMO3649880A (2.5): User: chris<_a.t_>xyz.com, Cmd: FolderSync, request: 03,01,6A,00,00,07,56,52,03,30,00,01,01 [..j...VR.0...]
[31/Mar/2007 01:20:44][42887680] {activesync} Client: PLMO3649880A (2.5): User: chris<_a.t_>xyz.com, Cmd: FolderSync
[31/Mar/2007 01:20:44][42887680] {activesync} ActiveSyncKeyDatabaseFileLock::LockMd5: Database for device: md5: 488a0e77768d52f1428f26ea7dd81114 has been locked
[31/Mar/2007 01:20:44][42887680] {activesync} ActiveSyncKeyDatabaseFileLock::UnlockMd5: Database for device: md5: 488a0e77768d52f1428f26ea7dd81114 has been unlocked

the debug log shows:

[31/Mar/2007 01:20:44] ASyncKeyDatabase.cpp: ActiveSyncKeyDatabase::Load: Unable to open synckeydb for user 'chris<_a.t_>xyz.com' - creating new database

thoughts?
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
GoDaddy sells their turbo ssl cert for $20/year. It's worth it to not have to hassle with this. I suggest the two-year deal which lowers the price further and saves you from having to re-load the cert as often (ah, the years go by quickly).

I found GoDaddy's support to be quite good. They have no qualms about refunding your money if the cert doesn't perform as expected.

One note of caution: The GoDaddy cert requires an intermediate (chain) certificate also be installed on the server side. Supposedly, only KMS version 6.4 (currently in beta) has support for intermediate certificates (check the release notes).

I have a GoDaddy cert request in progress right now. I'll test the cert (and the intermediate cert) on my 6.4 beta box and report back if anyone is interested. Primarily, I'm doing all this due to the regedit fun required to load a self-signed cert on a WM5 device. It will also be nice to not have to send replacement self-signed certs to all our client users each year.

I do have a Treo 650 running the included Versamail app and am running OTA sync of mail and calendar events currently. The unit does indicate that it is using a secure connection, but I don't exactly recall how I set it up with the self-signed cert. I vaguely recall pointing the built-in browser to http://my_server/server.cer (not https).

I'd shell out the 9.99 for the updated VersaMail and give it a shot if it was able to sync tasks too. I'm afraid I'll have to give up on the Palm OS in the not too distant future. They just haven't kept pace with the rest of the industry.

Cheers,
Lyle Millander
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
The problem is the new active sync update from Palm. It doesn’t work with KMS. Versamail 3.5 works without the update on a Treo680
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
thanks for the answer

will versamail 3.5 work if i do not also update active sync?

according to palm, the active sync update requires versamail ver. 3.5 but i didn't see anythere about versamail. 3.5 needing the active sync update.
  •  
sonofcolin

Messages: 483
Karma: 0
Send a private message to this user
Treo 680 comes with Versamail 3.5, which works fine with KMS using Activesync. However, there is an activesync update for the treo 680 which does not work with KMS.
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
so, 3.5 will work with kms, but i should not install the active sync update?

are you confident this is so? i just hard reset my treo and reinstalled everything after installing 3.5 and the active sync update, so i'd rather not do it again . . . :-)
Previous Topic: Questions about setting up backup mailserver
Next Topic: how to add multiple email add. in archive option
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Nov 24 14:22:09 CET 2017

Total time taken to generate the page: 0.00387 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.