Ask / Submit
4

self-signed SSL certificates should be accepted for Exchange sync [answered]

asked 2013-12-25 11:24:43 +0200

duesselschorsch gravatar image

updated 2013-12-25 11:41:13 +0200

eric gravatar image

Some of us want to use their own servers that have a self-signed SSL certificate for synchronization with the Exchange client from the Jolla store. There should be a way to accept these certificates while setting up the synchronization.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by LaruX
close date 2013-12-29 13:11:07.368171

Comments

I would suggest to widen this request not just to Microsoft Exchange SSL certificates but also to Jabber/XMPP and email certificates. Currently it's not possible to use self-signed SSL certificates for any of these services and there is even no error message when you try to use it.

Plnt ( 2013-12-25 11:29:46 +0200 )edit
1

For Jabber/XMPP there is a workaround (using the command line) at http://talk.maemo.org/showthread.php?t=92053 IMAPS/SMTPS e-mail already works with self-signed certificates (at least for me)

duesselschorsch ( 2013-12-25 11:38:02 +0200 )edit

3 Answers

Sort by » oldest newest most voted
3

answered 2013-12-25 19:52:44 +0200

tbr gravatar image

updated 2013-12-25 20:07:33 +0200

A proper deployment of Exchange should have a properly trusted certificate. If you have a Exchange server that isn't trusted you are likely to also be willing to do the following: a) Save a copy of the certificate. b) Copy it to the device into /etc/ssl/certs.

You might need to create a symlink inside the same directory with a hash of the certificate: "ln -s yourcert.pem `openssl x509 -hash -noout -in yourcert.pem `.0"

I'm aware that this is just a workaround. Jolla is aware of this and are working on addressing this in general AFAIU.

edit flag offensive delete publish link more

Comments

1

Sometimes you want a CA cert or even roll your own cert if you don't trust the big authorities.

slaveriq ( 2013-12-25 20:18:56 +0200 )edit

Thanks, works fine for me now. (actually it's a Zarafa server, not an Exchange server)

duesselschorsch ( 2013-12-25 20:50:01 +0200 )edit
2

@slaveriq YES. Actually a self-signed certificate, properly distributed over a secure channel is safer than one bought from an authority.

tiemen ( 2013-12-27 01:21:13 +0200 )edit
0

answered 2013-12-25 11:36:17 +0200

vbmithr gravatar image

See this for XMPP. Possibly working for Exchange as well.

edit flag offensive delete publish link more

Comments

Unfortunately that one only works for Jabber/XMPP. not for Exchange

duesselschorsch ( 2013-12-25 11:40:12 +0200 )edit
0

answered 2013-12-28 09:55:12 +0200

duesselschorsch gravatar image

Fixed with update to SailfishOS 1.0.2.5 (Maadajävri) from 27-Dec-2013

edit flag offensive delete publish link more

Comments

1

Can we get a few more confirmations and close the issue?

BTW: The device should not accept any self-signed certificates without user confirmation! Otherwise we do not need any certificates as then there is no security anyway.

ortylp ( 2013-12-28 09:58:33 +0200 )edit

Question tools

Follow
2 followers

Stats

Asked: 2013-12-25 11:24:43 +0200

Seen: 738 times

Last updated: Dec 28 '13