I am running Macnut r14 and wold like to import my Wifi certificate to the phone. Anyone have a 'how to' guide for doing this? Do I need the cert chain? Do I use DER encoded binary x.509? Base-64 encoded X.509? Cryptographic Message syntax standard - PKCS #7?
Any assistance would be helpful...
Related
Hey Everyone,
I recently downloaded and installed "PHP for Android." I created a .php file that utilizes an SSL connection with port 2195. When I tried running it, I get the following error message:
HTML:
Error:14094410:SSL routines:func(148):reason(1040) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): Failed to enable crypto in /mnt/sdcard/sl4a/scripts/lot.php on line 19
Warning: stream_socket_client(): unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /mnt/sdcard/sl4a/scripts/lot.php on line 19
This is my line 19:
"$apns = stream_socket_client('ssl://gateway.sandbox.push.apple.com:2195', $error, $errorString, 2, STREAM_CLIENT_CONNECT, $streamContext);"
I researched what "reason(1040)" means, and supposedly it means that the port is closed. But what firewall is blocking it? The same exact script works when I execute it from my computer from the same wifi connection. Could it be a firewall inside the Android OS?
Any input will be greatly appreciated!!
Thanks!
Does anyone know?
Hey,
We also got that error with the iPhone Push service, and it was due to the certificate not being set correctly (actually the certificate file didn't exist).
I hope this solves your problem if you haven't solved it by now.
Regards,
Chris
Hi all,
I am running CyanogenMOD 10.1 on my Samsung Galaxy SII i9100G.
To access all features of my university I have to connect to the university network with a VPN connection.
At first I installet the OpenVPN client for Android, which is working fine.
But now, since CyanogenMOD has a built in VPN client, I want to transfer my settings there. So I do not have to use additional software.
My problem is: I am not able to see through the configuration file. For OpenVPN I use a given configuration file and a certificate but I have no idea how to transfer the settings from that file to the CyanogenMOD VPN.
Has anyone here experiences with that? Or can help me with my problem?
I would really apprechiate some help here, because my search did not bring out any results on that...
Here is the content of the configuration file:
Code:
client
dev tun
proto udp
remote 123.456.789.0 1234
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.cer
cipher AES-256-CBC
verb 3
auth SHA1
auth-user-pass
inactive 600
route-method exe
route-delay 2
tls-remote vpnserver01
ns-cert-type server
Thank you!!
Hi, I recently purchased the ZTE Open C and want to synchronize its calendar with my own Caldav server.
Firefox rejects the connection tough, because the server has an invalid (self signed) certificate.
So i tried adding my certificate to firefox.
I found this guide:
http : // wiki . mozfr . org / Adding_CA_to_FirefoxOS
(Sorry for inserted spaces, won't let me post a link in first post.)
However I fail in the very first steps.
Code:
adb shell ls /data/b2g/mozilla/
Returns: /data/b2g/mozilla/: Permission denied
This means I dont have reading rights in this directory.
How do I get those rights, or alternativeley is there a better way to achieve my Caldav-Server goal?
Mathews123 said:
Hi, I recently purchased the ZTE Open C and want to synchronize its calendar with my own Caldav server.
Firefox rejects the connection tough, because the server has an invalid (self signed) certificate.
So i tried adding my certificate to firefox.
I found this guide:
http : // wiki . mozfr . org / Adding_CA_to_FirefoxOS
(Sorry for inserted spaces, won't let me post a link in first post.)
However I fail in the very first steps.
Code:
adb shell ls /data/b2g/mozilla/
Returns: /data/b2g/mozilla/: Permission denied
This means I dont have reading rights in this directory.
How do I get those rights, or alternativeley is there a better way to achieve my Caldav-Server goal?
Click to expand...
Click to collapse
You cannot use that method unless your phone is rooted, BUT...
I had the same problem and solved it a lot easier. Just launch the browser and input your server's URL. Then you will be warned about the not valid cert, add a permanent exception and that's all, now calendars should sync over HTTPS.
BTW this worked for me until FFOS v1.4. Today I updated to FFOS 2.1 and this trick stopped working, so you have been warned.
Thank you for the suggestion.
I am not running v2.0, so I tried it.
I could add the certificate.
However, when trying to connect, I get:
"Unknown Error. Please try again later."
Any way to figure out what's wrong now?
Seems to be a problem with the server I used. (Baikal)
Using a different one (Owncloud - sadly quite a lot bigger), it works with your tip.
So thanks for the help.
to ged rid of the "unknown error" in Caldav (etc.?)
doragasu said:
I had the same problem and solved it a lot easier. Just launch the browser and input your server's URL. Then you will be warned about the not valid cert, add a permanent exception and that's all, now calendars should sync over HTTPS.
Click to expand...
Click to collapse
thank you so much :victory:
Hi,
I'm trying to install a self-signed user certificate on Cyanogenmod 11 with Android 4.4.4. I know that there are some issues with this, but in many reports they say, it is easy to install when i take it directly from the SD card. Unfortunately, it is not working on my device and I'm not sure if my OS or my certificate is the problem.
I have tried several things, from using the PEM format or DER format, and also tried to use a signed certificate from CAcert.org. Btw, concering the root certificates: I was able to install them as user-certificates and they're shown up on the right place. However, I got the annoy security warning, but I can deal with it.
So let's start with the procedure to create my certificate:
1. I installed the root and the class3 certificate vom cacert.org. Everything is nice, the certificates are listed in user certificates.
2. Key generation:
Code:
openssl genrsa -des3 -out server.key 4096
3. CSR creation, using for both, self-signing and cacert signing
Code:
openssl req -new -key server.key -out server.csr
4.a Create self-signed certificate by myself:
Code:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
4.b Put server.csr on cacert.org, create certificate, save it in "server_cacert.crt"
5. Converting to binary format:
Code:
openssl x509 -in server.crt -outform DER -out server_der.crt
With this, my certificate creation is finished. Now I put all four different versions on the internal storage on my smartphone. I go to the security settings -> "Install from internal storage" -> choosing one of the certificates.
I'm then asked for a name fort the cert, choosing "usage for vpn and apps", and -> "Save". A popup with "Cert ... successfully installed" afterwards.
But: When i have a look a the user certification list, none of the created certificates is working. I only got the cacert root certs installed.
I have no idea what to do now. One solution which was discussed, was to install the certs as system certificate. But for this, I need to root my smartphone and this is one thing I don't want to do.
So, hopefully you can find the fault in my procedure, so I can get it installed without root privileges.
Thank you for your support,
Kind regards,
-Cyanide-
Sorry for pushing this thread... but I really have no idea what to do? I guess, I'm not the first person who tries to install a certificate, so hopefully you can share your experience?
In my opinion, the fault may be in the certificate creation, because I'm able to install the root certificates from cacert.org..
thanks again
I would also like to know
Short update:
It is working now. But I'm not sure, if it's good the way I did it.
I used easy-rsa to create a ca.crt. I was able to import this one to Android, like it was working before with cacert root certificates. On the server side, I use the crt and key also for my DAV server. With this combination, everything is fine, but I'm not sure if this is the right way, how the certificates should be used.
I am trying to connect an email app (AquaMail) on my phone (Sprint Samsung Note 4, stock rooted, Android OS 5.0.1) to my email server (IMAP) using SSL. When I try this, I get the following error message:
Incoming mail server (IMAP): Invalid security (SSL) certificate. java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
The server to which I am trying to connect is my own VPS. I do have a wild card certificate installed on the site and I believe it is installed properly. I say this because of the report I generated on www.ssllabs.com/ssltest:
Certificate: 100%
Protocol Support: 95%
Key Exchange: 90%
Cipher Strength: 90%
Two certification paths are shown: mail.mydomain.com -> StartCom Class 2 Primary Intermediate Server CA -> StartCom Certification Authority (one path shows this with SHA1withRSA and the other shows SHA256withRSA).
Looking at the Handshake Simulation section, it clearly shows that Android 5.0.0 functions properly, but is also shows that Java 7u25 has a 'protocol or cipher suite mismatch'. This same warning shows up for other, deprecated systems and is probably due to my having turned off older, insecure access protocols.
Can anyone suggest how to get this working properly? Yes, I could work around this by a) allowing all certificate or b) not using secure protocols; but neither of these are solutions.
Thank you for your help!