MLWeiner Absent Member.
Absent Member.
4678 views

Moto Droid 2.2 Release - Self Signed Certificate Problem

Just a heads up for anyone else seeing this problem, as the long awaited Froyo (Android 2.2) is dropping to devices we've seen an issue with the self-signed certificate. It will fail on adding an account on the device with an "error connecting to server." No details, just a generic error. Nothing in the logs on phone or server.

The problem stems from the self-signed certificate not having the Mobility Server's DNS name as the CN. There is a glitch in the Froyo SSL library (known as an open bug in the Android bugtrack - Google claims "unable to reproduce") that causes problems if a certificate is encountered whose CN doesn't match the site even if you tell it to accept all certificates.

Quick 'n easy solution found after two hours of colorful swearing at the phone: make a certificate through YAST and export it as a .pem file. Use that in the YAST Datasync configuration instead of the self-signed certificate. It'll work fine.
Labels (1)
Tags (4)
0 Likes
7 Replies
acollins1 Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

Glad to know I'm not the only one experiencing this. Unfortunately too late to get a fix in before the weekend. Does anyone know if the Android 2.2 FRG22 build has the same issue as the Android 2.2 FRG01B?
0 Likes
romz169 Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

I have tried to create the cert and use that but I am still unable to connect with a droid on 2.2
0 Likes
acollins1 Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

I used YAST to create a new cert. There is another thead that tells you were to put it (var/lib/datasync/device), however the instructions aren't very good. The CN name needs to match the server name you put on the Droid, and, at least in my case, I had to export it from YAST as unencrypted PEM format and replace the mobility.pem certificate that was in that directory.

If there are is a better way to do it, I would love to know about it. It doesn't sound good that it has to be unencrypted, so if someone can correct me and give me better instructions I would appreciate it.
0 Likes
anthompson Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

acollins1;2009493 wrote:
I used YAST to create a new cert. There is another thead that tells you were to put it (var/lib/datasync/device), however the instructions aren't very good. The CN name needs to match the server name you put on the Droid, and, at least in my case, I had to export it from YAST as unencrypted PEM format and replace the mobility.pem certificate that was in that directory.

If there are is a better way to do it, I would love to know about it. It doesn't sound good that it has to be unencrypted, so if someone can correct me and give me better instructions I would appreciate it.


Another way to do it is to follow these instructions: http://forums.novell.com/novell-product-support-forums/data-synchronizer/ds-mobility-pack-public-beta/417914-regenerate-mobility-pem.html Use the open ssl instructions from MJ and that will allow you to use a self signed cert temporarily.
0 Likes
bri9man Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

So rename the .pem file to mobility.pem and place in var/lib/datasync/device?



Brian Hatchell
IT will NEVER ask for your password.
Network Manager
Victor Valley College
760 245-4271 x2792

"If everybody's thinking alike, somebody isn't thinking"
General George S. Patton

Twitter:@vvcit or http://twitter.com/vvcit
Check my Blog at http://gwcal.vvc.edu/mplusextranet/scp.dll/blog?user=hatchellb
>>>

From: anthompson<anthompson@no-mx.forums.novell.com>
To:novell.support.data-synchronizer.mobility-pack
Date: 8/18/2010 2:06 PM
Subject: Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

acollins1;2009493 Wrote:
> I used YAST to create a new cert. There is another thead that tells you
> were to put it (var/lib/datasync/device), however the instructions
> aren't very good. The CN name needs to match the server name you put on
> the Droid, and, at least in my case, I had to export it from YAST as
> unencrypted PEM format and replace the mobility.pem certificate that was
> in that directory.
>
> If there are is a better way to do it, I would love to know about it.
> It doesn't sound good that it has to be unencrypted, so if someone can
> correct me and give me better instructions I would appreciate it.


Another way to do it is to follow these instructions:
http://forums.novell.com/novell-product-support-forums/data-synchronizer/ds-mobility-pack-public-beta/417914-regenerate-mobility-pem.html
Use the open ssl instructions from MJ and that will allow you to use a
self signed cert temporarily.


--
anthompson
------------------------------------------------------------------------
anthompson's Profile: http://forums.novell.com/member.php?userid=80047
View this thread: http://forums.novell.com/showthread.php?t=417713
0 Likes
anthompson Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

That is correct.
0 Likes
bp123 Absent Member.
Absent Member.

Re: Moto Droid 2.2 Release - Self Signed Certificate Problem

I also tried creating it in YAST and moving it to that directory but that doesn't work for me either. Did those of you who had problems end up getting the resolved? If so, how?

Thanks for your help.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.