We have moved to a new Sailfish OS Forum. Please start new discussions there.

self-signed SSL certificates should be accepted for Exchange sync [answered]

asked 2013-12-25 11:24:43 +0300

duesselschorsch gravatar image

updated 2013-12-25 11:41:13 +0300

eric gravatar image

Some of us want to use their own servers that have a self-signed SSL certificate for synchronization with the Exchange client from the Jolla store. There should be a way to accept these certificates while setting up the synchronization.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by LaruX
close date 2013-12-29 13:11:07.368171


I would suggest to widen this request not just to Microsoft Exchange SSL certificates but also to Jabber/XMPP and email certificates. Currently it's not possible to use self-signed SSL certificates for any of these services and there is even no error message when you try to use it.

Plnt ( 2013-12-25 11:29:46 +0300 )edit

For Jabber/XMPP there is a workaround (using the command line) at http://talk.maemo.org/showthread.php?t=92053 IMAPS/SMTPS e-mail already works with self-signed certificates (at least for me)

duesselschorsch ( 2013-12-25 11:38:02 +0300 )edit

3 Answers

Sort by » oldest newest most voted

answered 2013-12-25 19:52:44 +0300

tbr gravatar image

updated 2013-12-25 20:07:33 +0300

A proper deployment of Exchange should have a properly trusted certificate. If you have a Exchange server that isn't trusted you are likely to also be willing to do the following: a) Save a copy of the certificate. b) Copy it to the device into /etc/ssl/certs.

You might need to create a symlink inside the same directory with a hash of the certificate: "ln -s yourcert.pem `openssl x509 -hash -noout -in yourcert.pem `.0"

I'm aware that this is just a workaround. Jolla is aware of this and are working on addressing this in general AFAIU.

edit flag offensive delete publish link more



Sometimes you want a CA cert or even roll your own cert if you don't trust the big authorities.

slaveriq ( 2013-12-25 20:18:56 +0300 )edit

Thanks, works fine for me now. (actually it's a Zarafa server, not an Exchange server)

duesselschorsch ( 2013-12-25 20:50:01 +0300 )edit

@slaveriq YES. Actually a self-signed certificate, properly distributed over a secure channel is safer than one bought from an authority.

tiemen ( 2013-12-27 01:21:13 +0300 )edit

answered 2013-12-25 11:36:17 +0300

vbmithr gravatar image

See this for XMPP. Possibly working for Exchange as well.

edit flag offensive delete publish link more


Unfortunately that one only works for Jabber/XMPP. not for Exchange

duesselschorsch ( 2013-12-25 11:40:12 +0300 )edit

answered 2013-12-28 09:55:12 +0300

duesselschorsch gravatar image

Fixed with update to SailfishOS (Maadajävri) from 27-Dec-2013

edit flag offensive delete publish link more



Can we get a few more confirmations and close the issue?

BTW: The device should not accept any self-signed certificates without user confirmation! Otherwise we do not need any certificates as then there is no security anyway.

ortylp ( 2013-12-28 09:58:33 +0300 )edit

Question tools



Asked: 2013-12-25 11:24:43 +0300

Seen: 913 times

Last updated: Dec 28 '13