SilentMember

Hello,

I set up exchange on there treo700p. I get an SSL error now. Any help will be appreciated. trying chatter mail now.

Roman

TGavilan

I suspect you are not using a valid SSL cert. It appears that the new version of VersaMail is not happy with invalid certs.

MHR

How does one get these certs onto the 700p?

And, are they different from the certs that would go onto a 700w?

SilentMember

My exchange reqire SSL certificate intalled on the phone. I had simmilar problem with PPC6700 when I installed certificate if eliminated that issue.

Now question is how do you add ssl sertification on TREO 700P

thaumaturgan

Bump please.

Miggy

I'm in the same boat. Versamail worked w/ my exchange server previously on my 650, but now gives a "No Trusted Root Certificate Authority" error. Any thoughts?

thaumaturgan

The only thing I have found so far is buying a cheap cert for my clients who use OWA and want the 700p.

Miggy

Excuse my ignorance, but does the cert go on Treo or the server?

If the treo, how do you load it on there?

enagel

Best solution is to skip VersaMail and go with Chatter and check Trust Certificates under system preferences if you have problems connecting.

thaumaturgan

If you purchase a cert it will go on the server. The question is whether it is possible to load a self-signed cert onto the treo. You can do this on most newer windows mobile devices like the 700w.

yes Chattermail seems to be an option per user ... although a cheap cert (20/year?) would support all users.

brad

maxdrive10

I can send but not recieve through my exchange server. During the "test settings" I recieve a airSAMStateMachine.c 530 4628 error message. That error number 530 4628 isn't listed on Palms website.

__________________
Former Centro, Treo 700P, Treo 600, Tungsten T, M505 and PalmIII user...currently a Pre owner.

thaumaturgan

I hate to answer my own questions. But, I just spent 45 minutes on the phone with sprint. Their response is to turn off SSL in advanced settings, or "talk to your IT department". Well, I am the IT department for my clients. Turning off SSL seems to work with one of my client's servers. Its essentially an out of the box SBS 2k3 sp1 installation. I did not think that OWA was configured out of the box to work without SSL but apparently it is.

I will probably purchase a self signed cert if that is the only solution to re-enable encryption.

SilentMember

I have called sprint today. They guy just refused helping me and told me that "SPRINT DONT SUPPORT EXCAHNGE". Decided to forget sprint support and called palm directly. No help from palm either, just end up being transfer to Microsoft. Microsoft rep told me that it will cost $245 for helping me with exchange issues.

I believe palm should assist us with connection issues to exchange since Treo is Palm product. How do we add ssl certification to TREO????

So far no luck anyone else can add to that.

Roman

thaumaturgan

Sorry I didn't mention that I called Palm first who said... Exchange call MS, Sprint Treo 700, call Sprint. I did not call MS 'cause the problem is very clearly with VM... It is conceivable though that the behavior with VM on the 650 is actually considered the bug in that they just accepted any SSL cert and we are dealing with email which could be considered very sensitive by some and so it was "fixed".

not trying to defend the change, just considering what it could be. Given that I have three sites where this will be an issue I've elected to go the *cheap* cert route and purchase a $20.00 ssl cert to make sure that will work. that has caused its own problems since my own domain was registed in '96 and I failed to update my email address since then.

I will note that Blazer identified the self signed cert when I went to OWA but at least gave me an option to override it.

I also looked at CM but the people at my sites are cheap about some things and if $20.00 plus the time to load the cert is all it takes to support multiple people then that is great.

I think it would be very nice to have a checkbox to override the authority and use the self signed cert to encrypt the traffic. Seems to me the code might even be there since it would be handy for debugging. As you say better yet, a way to load the cert would be the best all around and would maintain some level of integrity since you have to load it in the first place.

SilentMember

Any one figure out the problem with exchange yet.

I did some researtch and I found a IBM site it shows how to add SSL to the treo.

http://publib.boulder.ibm.com/infoce.../sec_palm.html

Download palmdb.exe (certificate conversion utility) to a local directory or folder. You can download the palmdb.exe file from the following location: http://www-1.ibm.com/support/docview...f-8&lang=en+en
Convert certificate to a file which can be used on Palm client device as follows.
Start IBM Key Management Utility included with IBM HTTP Server.
Open a key database file which includes an appropriate certificate.
Select a certificate to extract. For a self-signed certificate, complete the following steps:
Select Personal Certificates in the drop-down list.
Select an appropriate self-signed certificate from the list of the Personal Certificates.
Click Extract Certificate at the lower right.
For a real certificate obtained from a CA, complete the following steps:
Select Signer Certificates from the drop-down list.
Select an appropriate certificate from the list of the Signer Certificates.
Click Extract at the upper right.
Select Binary DER data as Data type.
Enter cacerts.der as the Certificate file name and save it. Then, rename cacerts.der to cacerts.bin.
Place the palmdb.exe utility in the directory where cacerts.bin exists.
Run the application without arguments.
Confirm that SSLCaCerts.pdb was created in the same directory. The SSLCaCerts.pdb is a certificate file which can be used on the Palm Client.
After you complete these instructions, provide the SSLCaCerts.pdb file to your device users and instruct them to complete the instructions in Configuring SSL.

I followed instuction on the web, created new SSL file hotsync to treo. Still same error???

thaumaturgan

I took a look at your post and the IBM site and the websphere everyplace access product and what I have found is that IBM has a PIM and email client called:

IBM Everyplace Client for Palm

and I believe those instructions are only for their client which hooks into IBM websphere everyplace.

Darn it!

IDtheTarget

Okay, I haven't had a chance to look into this yet, but that "trusted root authority" thing means that you're using a self-signed cert or a cert that comes from a "root authority" that's not in Blazer.

I'd like to know where you bought a $20 cert that is listed on the root authority table in Blazer! the cheapest I was able to find for our server at work was Entrust, which cost us $200.

If you use a self-signed certificate, rather than one that's been signed by a trusted root (such as Entrust or Verisign) and then installed on your server, you'll get that error.

I haven't had a chance to look at work-arounds in Versamail, and I probably won't until Monday. Sorry.

thaumaturgan

yep I know I was using a self signed cert. Hence my belief the problem was in VM not accepting it. and my point was that blazer let you override the untrusted cert whereas VM does not.

I bought an SSL cert from godaddy last night and installed it this morning.
I had to install the issued cert for my server and an intermediate cert that they also sent. I then reconfigured VM to use an SSL connection for activesync. As soon as I did that it worked fine! btw, the $20.00 is per year.

Blazer also no longer reports a problem with the cert when I go to that server's OWA page via https.

Is the entrust cert a one time fee?

IDtheTarget

No, Entrust is $200 / year.

The problem with GoDaddy (and probably the reason that they're so cheap) is that they're not listed in the Root Authorities section of the certificate stores for either Mozilla Firebird or Internet Explorer. So, their certs won't do too much better than a self-signed cert, if I understand it correctly. I'll haveto go to GoDaddy's site and look at how they do their thing next week.

TGavilan

GoDaddy certs work fine not only for the Treo, but for websites in general if browsed with IE or Firefox, and don't generate any kind of warnings. We use them all the time over self-signed certs for specifically those reasons. Cheap at 20 bucks