Highlighted
Valued Contributor.
Valued Contributor.
1029 views

Device get wrong certificate

Hi,

Not sure wether this is actually a GroupWise Mobile device server problem.

Setup:
Running the GroupWise Mobile server 2.01. Dashboard looking ok; everything green en synced. Great.
Using the default ssl poort 443. The router is a Vigor Draytek 2880n which has 443 open en connects to the local IP of the datasync server (or is it GroupWise Mobile server).

When I try to connect with an android device or iPhone I get the the message that there is a problem with the certificate. This usually happends, as whe rarely use an official certicate. Normally it will work anyway. Not this time however.

Examening the certificate indicates that the owner is the.. Draytek device. This puzzles me as we have dozens of setups running with the same hardware. But the phone wil ofcourse not sync in this case.

Using a FireWall entry 443 which connect to the local server of using the Port Adress Translatation feature in the gateway doen not make a difference.

Again not sure if it related to the DS server itself. But I'm sure that someone has a bright idea how to solve this.

Thanks in advance .

Eric Loderichs
Labels (1)
0 Likes
3 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: Device get wrong certificate

Eloderichs,
> Examening the certificate indicates that the owner is the.. Draytek
> device.


That would indicate that the router and not the GMS server is answering
the request in this case.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
http://www.novell.com/rms

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Device get wrong certificate

If the box to which you are pointing your devices is doing some kind of
SSL termination (meaning it is the SSL server and then it establishes
another connection to the backend for the client, usually for purposes of
inspection of traffic or to remove the need for SSL on the backend
entirely) then you'll need to fix that device. You can see the same
results as on the phones if you connect to the same IP/port using
something like openssl (note that connecting to something like this often
depends on DNS, and often DNS has different entries for clients
inside/outside the organization, so be sure you're hitting the same system
when doing this test or else it is an invalid test from the start):


openssl s_client -connect ip.addr.goes.here:443 -showcerts | openssl x509
-text


In my opinion, the chances of this showing anything different are terribly
small, but at least this is an easy way you can test from any old Linux
system (or system with Cygwin installed for those stuck on an inferior
option) which is usually a better place for troubleshooting than a phone.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Re: Device gets wrong certificate

ab;2342843 wrote:
If the box to which you are pointing your devices is doing some kind of
SSL termination (meaning it is the SSL server and then it establishes
another connection to the backend for the client, usually for purposes of
inspection of traffic or to remove the need for SSL on the backend
entirely) then you'll need to fix that device. You can see the same
results as on the phones if you connect to the same IP/port using
something like openssl (note that connecting to something like this often
depends on DNS, and often DNS has different entries for clients
inside/outside the organization, so be sure you're hitting the same system
when doing this test or else it is an invalid test from the start):


openssl s_client -connect ip.addr.goes.here:443 -showcerts | openssl x509
-text


In my opinion, the chances of this showing anything different are terribly
small, but at least this is an easy way you can test from any old Linux
system (or system with Cygwin installed for those stuck on an inferior
option) which is usually a better place for troubleshooting than a phone.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...


Ok thanks. I've been looking to the Draytek config in detail but cannot find anything. Trouble is that has a site 2 site connection up and running to a 2nd location which makes it hard just to clear/ reboot / reconfigure it. Beyond the fact that we don't maintain this device for thsi customer. Maybe just connecting the phone to the wireless LAN and then see when i put a local adress in it. Will have to create a split DNS anyway.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.