
Self Signed SSL Certs


Jack Mitchell

May 9, 2013, 1:48:11 PM
to dev...@lists.mozilla.org
Hi,

Is it currently possible to add self signed SSL certs? I need to add a
self signed cert in order to connect to my imap account using the email
application.

Cheers,
Jack.

--

Jack Mitchell (ja...@embed.me.uk)
Embedded Systems Engineer
http://www.embed.me.uk

--

Andrew Sutherland

May 9, 2013, 2:48:53 PM
to dev...@lists.mozilla.org
There is an earlier message on dev-b2g that may be of use:
https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.b2g/B57slgVO3TU

If you have access to change the certificate used, Startcom provides
free certificates that work for mail servers:
https://www.startssl.com/?app=1

Andrew

Jack Mitchell

May 9, 2013, 3:31:18 PM
to dev...@lists.mozilla.org
On 09/05/2013 19:48, Andrew Sutherland wrote:
> There is an earlier message on dev-b2g that may be of use:
> https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.b2g/B57slgVO3TU
>

Thank you, unfortunately that seems _extremely_ long winded to get a self
signed cert going.

>
> If you have access to change the certificate used, Startcom provides
> free certificates that work for mail servers:
> https://www.startssl.com/?app=1

I'm afraid I have no control over the certificate, so this is out of the
question.

>
> Andrew

Thanks for your help,
Jack.

>
> On 05/09/2013 01:48 PM, Jack Mitchell wrote:
>> Hi,
>>
>> Is it currently possible to add self signed SSL certs? I need to add a
>> self signed cert in order to connect to my imap account using the
>> email application.
>>
>> Cheers,
>> Jack.
>>
>

Mossroy

May 10, 2013, 3:39:14 AM
to mozilla...@lists.mozilla.org
I'm having the same need.

On 09/05/2013 20:48, Andrew Sutherland wrote:
> There is an earlier message on dev-b2g that may be of use:
> https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.b2g/B57slgVO3TU

I had seen this post, but did anyone test it on a real device?
I'm a bit scared to "brick" my device if something is wrong.

I'd be willing to test this procedure if there were a reliable way to
backup/restore a device : I did not find it so far (tried adb backup
with no luck)

In any case, there is a workaround on more recent b2g/gaia, with the fix
for https://bugzilla.mozilla.org/show_bug.cgi?id=769178 : if you can
browse to a website secured with this SSL cert, you'll be able to add an
exception for it. And then it will be accepted by the whole Firefox OS.
This workaround worked fine for me on the Firefox OS Simulator.
Unfortunately, the Peak device currently runs an older version, which
does not include this fix.

Regards,
Mossroy

Jack Mitchell

May 11, 2013, 4:58:13 AM
to dev...@lists.mozilla.org
On 10/05/2013 08:39, Mossroy wrote:
> I'm having the same need.
>
> On 09/05/2013 20:48, Andrew Sutherland wrote:
>> There is an earlier message on dev-b2g that may be of use:
>> https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.b2g/B57slgVO3TU
>
> I had seen this post, but did anyone test it on a real device?
> I'm a bit scared to "brick" my device if something is wrong.
>
> I'd be willing to test this procedure if there were a reliable way to
> backup/restore a device : I did not find it so far (tried adb backup
> with no luck)
>
> In any case, there is a workaround on more recent b2g/gaia, with the fix
> for https://bugzilla.mozilla.org/show_bug.cgi?id=769178 : if you can
> browse to a website secured with this SSL cert, you'll be able to add an
> exception for it. And then it will be accepted by the whole Firefox OS.
> This workaround worked fine for me on the Firefox OS Simulator.
> Unfortunately, the Peak device currently runs an older version, which
> does not include this fix.

Now that's interesting, as I tried this to no avail, I don't know if
downloading the certificates didn't work, but when I try to connect to
my imap I still get the message [bad-security].

I'm on a recent v1-train with the Keon.

>
> Regards,
> Mossroy

Mossroy

May 11, 2013, 5:52:24 AM
to mozilla...@lists.mozilla.org
On 11/05/2013 10:58, Jack Mitchell wrote:

>> In any case, there is a workaround on more recent b2g/gaia, with the fix
>> for https://bugzilla.mozilla.org/show_bug.cgi?id=769178 : if you can
>> browse to a website secured with this SSL cert, you'll be able to add an
>> exception for it. And then it will be accepted by the whole Firefox OS.
>> This workaround worked fine for me on the Firefox OS Simulator.
>> Unfortunately, the Peak device currently runs an older version, which
>> does not include this fix.
>
> Now that's interesting, as I tried this to no avail, I don't know if
> downloading the certificates didn't work, but when I try to connect to
> my imap I still get the message [bad-security].
>
> I'm on a recent v1-train with the Keon.
>

Is it the same certificate for the email and the web page?
Except if it's a wildcard certificate, it has to be the same machine
name, but you probably know that.

In my case, it was for the calendar application, not the email : maybe
they are not based on the same certificate list?
The calendar application uses standard HTTP requests, whereas the email
uses POP/IMAP/SMTP. I heard that, for the email application, they had to
implement a TCP/IP stack on the Gecko engine. But I would find it
surprising that they do not use the same certificates...

Mossroy

May 18, 2013, 4:17:04 PM
to mozilla...@lists.mozilla.org
On 10/05/2013 09:39, Mossroy wrote:
> On 09/05/2013 20:48, Andrew Sutherland wrote:
>> There is an earlier message on dev-b2g that may be of use:
>> https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.b2g/B57slgVO3TU
>
> I had seen this post, but did anyone test it on a real device?
> I'm a bit scared to "brick" my device if something is wrong.
>

I contacted the author of this post (Carmen Jiménez Cabezas), who kindly
answered.
Carmen tested this procedure many times on a real device, with no worries.
According to Carmen : "you can't actually brick your phone just by
playing with the profile directory. If worst came to worst you can just
erase the directory and the .ini and restart the phone. It should
recreate the directory."

I tested it myself successfully with a slightly different procedure,
also given by Carmen. It consists in adding a certificate to the
existing certificate list of the phone :

adb pull /data/b2g/mozilla/bhfe64qf.default/cert9.db .
adb pull /data/b2g/mozilla/bhfe64qf.default/key4.db .
adb pull /data/b2g/mozilla/bhfe64qf.default/pkcs11.txt .

And then you have to reset the database password (on the computer, not
on the device) :

certutil -d sql:. -W

And only then you can add new certs:

certutil -d sql:. -A -n "my_cert" -t "C,C,TC" -i my_cert

And once that's done you can adb push the files back to the device:

adb push cert9.db /data/b2g/mozilla/bhfe64qf.default
adb push key4.db /data/b2g/mozilla/bhfe64qf.default
adb push pkcs11.txt /data/b2g/mozilla/bhfe64qf.default


Many thanks to Carmen for that : it worked great for me.

Regards,
Mossroy
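
Added example, not part of the original thread: the pull / certutil / push procedure from the last message wrapped in a script that keeps an untouched backup of the three NSS files, confirms the nickname is listed before pushing, and pushes the backup back if a push fails. The function names, the `TRUST` variable and the argument layout are assumptions of this example; the profile directory on the device is passed in rather than hard-coded.

```shell
#!/bin/sh
# Added example: pull / certutil / push from the thread, with backup and checks.
# Function names and the TRUST variable are hypothetical, not from the thread.
DB_FILES="cert9.db key4.db pkcs11.txt"
TRUST="${TRUST:-C,C,TC}"   # flags used in the post; "C" marks the cert as a trusted CA

# Copy the three NSS files from the device and keep an untouched backup.
pull_profile() {   # $1 = profile dir on device, $2 = local work dir
    mkdir -p "$2/backup" || return 1
    for f in $DB_FILES; do
        adb pull "$1/$f" "$2/$f" || return 1
        cp "$2/$f" "$2/backup/$f" || return 1
    done
}

# Reset the DB password (interactive, as in the post), add the certificate,
# then confirm the nickname is listed before anything is pushed back.
add_cert() {       # $1 = work dir, $2 = nickname, $3 = certificate file
    [ -s "$3" ] || { echo "certificate file missing or empty: $3" >&2; return 1; }
    certutil -d "sql:$1" -W || return 1
    certutil -d "sql:$1" -A -n "$2" -t "$TRUST" -i "$3" || return 1
    certutil -d "sql:$1" -L -n "$2" >/dev/null || return 1
}

# Push the modified files; on any failure push the backup copies instead.
push_profile() {   # $1 = profile dir on device, $2 = local work dir
    for f in $DB_FILES; do
        adb push "$2/$f" "$1/$f" || { restore_profile "$1" "$2"; return 1; }
    done
}

restore_profile() {   # same arguments as push_profile
    for f in $DB_FILES; do adb push "$2/backup/$f" "$1/$f"; done
}

install_cert() {   # $1 = profile dir on device, $2 = nickname, $3 = cert file
    work=$(mktemp -d) || return 1
    if pull_profile "$1" "$work" && add_cert "$work" "$2" "$3" \
        && push_profile "$1" "$work"; then rc=0; else rc=1; fi
    echo "work dir with backup kept at $work" >&2
    return "$rc"
}

# Usage: sh install_cert.sh <profile-dir-on-device> <nickname> <cert-file>
if [ "$#" -eq 3 ]; then install_cert "$@"; fi
```

Set `TRUST` in the environment to use different trust flags; the default is the value given in the post.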