Welcome Guest Search | Active Topics | Members | Log In

AstraSync and servers running Entrust Certification Authority - L1B / L1C Certificates Options
Amit.Patel
Posted: Wednesday, August 12, 2009 2:01:35 PM
Rank: Advanced Member
Groups: Administration , AstraSync Staff

Joined: 7/9/2008
Posts: 372
Location: USA
There are some issues particularly with US and European issued BlackBerry devices which continue to get a security warning when visiting secure sites running "Entrust Certification Authority - L1B" and "Entrust Certification Authority - L1C" certificates.

When running AstraSync against a server that has such a certificate, the user will continuously get prompted on the BlackBerry device "You are attempting to open a secure connection but the server's certificate is not trusted".

Normally when you get certificate warnings using AstraSync you should use the native BlackBerry Browser and navigate to the site (usually the OWA or webmail login page), and then 'Trust' the certificate. AstraSync is a 3rd party application and so you cannot trust the certificate from within the application. You must use the native Browser to permanently trust the certificate. Once it has been trusted the warning should no longer appear.


In situations where this particular Entrust certificate is used, even after you try to add the certificate from the native (BlackBerry) browser the message continues to appear.

This problem appears to be related to BlackBerry devices and the particular Entrust certificate. AstraSync does not have control over the issue. The affected certificates appear to be ones where the issued by says "Entrust Certification Authority - L1B" (and L1C).

The issue has been reported to Entrust, however they are not able to provide a solution for this.

If you are a server administrator that runs this particular certificate and are running into this problem, we recommend you contact Entrust support and report that each time you visit a site running the Entrust certificate, your device keeps prompting you with a warning and you cannot permanently trust it.


POSSIBLE WORK AROUND FOR ADMINISTRATORS ONLY:

Some customers have reported the solution in the following document has helped resolve the situation:

http://blogs.msdn.com/scottos/archive/2009/07/14/federation-and-or-pic-may-fail-against-partners-using-2048-bit-signed-root-cas.aspx

We recommend you contact Entrust Support for guidance on whether the changes recommended here will help your situations. This document is provided as-is and are not specifically endorsed or supported by AstraSync.






Amit Patel
AstraSync Support
www.astrasync.com
Users browsing this topic
Guest


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Main Forum RSS : RSS


Copyright © MailSite Software Inc. All rights reserved.