Welcome Guest Search | Active Topics | Members | Log In

Server's certificate is not trusted Options
bshire
Posted: Tuesday, December 15, 2009 9:30:51 AM
Rank: Member
Groups: Member

Joined: 1/7/2009
Posts: 10
My company was just purchased on Friday and our email server has changed. I made all of the necessary adjustments in the server settings tab but when trying to sync using the cell phone connection I get the following warning: "You are attempting to open a secure connection, but the server's certificate is not trusted". It gives me 4 options: 1) Continue 2) Close Connection 3) View Certificate 4) Trust Certificate. If I choose 1) continue I can sync my PIM but I have to hit continue numerous times and it will not sync by itself. If I choose 4) Trust Certificate another popup with the title Key Store Access shows up and asks for a password to grant the application access to the Handheld Key Store. I enter in the password that I believe I have for my Key Store but I get the following error: "The certificate could not be added to the Trusted Key Store due IT Policy restrictions.

This seems to only be happening when trying to sync with the cell phone connection. When I get home and use my Wi-Fi connection it works without asking any of these questions.

Any help?
Ranald Lillie
Posted: Wednesday, December 16, 2009 5:41:25 AM
Rank: Advanced Member
Groups: Administration , AstraSync Staff

Joined: 3/11/2009
Posts: 862
Location: UK
Hello bshire,

This dialog you are seeing is a native BlackBerry prompt.

It maybe that you have IT policy restrictions on your device, was it ever connected to a BES server? If so you will need to take this up with your server admin.

However it may just be a case of forcing the device to accept it:

From the Home Screen select Options, then Security, then Certificates.

Locate the certificate your server uses in the list and check if it has a green check mark, yellow question mark, or red X next to it. Try highlighting the certificate and selecting Trust from the menu.

If the certificate has expired or one of the certificates in the chain have expired then the device will not trust it and there is nothing you can do except get the server admin to renew the certificate.

Ranald.

Ranald Lillie
AstraSync Support
bshire
Posted: Wednesday, December 16, 2009 7:23:37 AM
Rank: Member
Groups: Member

Joined: 1/7/2009
Posts: 10
Forcing the Certificate to be accepted worked. I've never had the device connected to a BES server so I'm not sure how this happened but it's working now. It was showing a red x but now it shows a yellow ? after the force acceptance. Thanks for the help.
dlocasci
Posted: Tuesday, December 22, 2009 6:27:51 AM
Rank: Newbie
Groups: Member

Joined: 12/22/2009
Posts: 1
I just purchased this application and am also having this problem. I "trusted" the certificate manually as described and no have a yellow/orange question mark next to the certificate but am constantly being asked to trust the certificate from within the mail application. This is making the program unusable for me. Any suggestions?
Ranald Lillie
Posted: Wednesday, December 23, 2009 4:01:41 AM
Rank: Advanced Member
Groups: Administration , AstraSync Staff

Joined: 3/11/2009
Posts: 862
Location: UK
Hello dlocasci,

The yellow questions mark means "The revocation status of the certificate chain is unknown, or a public key for a certificate in the certificate chain is weak." This may be the reason why the device is continuing to prompt you.

You can check the revocation status of a certificate or certificate chain by doing the following:

1. On the Home screen, click the Options icon.
2. Click Security Options.
3. Click Certificates.
4. Highlight a certificate.
5. Press the Menu key.
6. Click Fetch Status or Fetch Chain Status. (if available)

Please consult your server admin to ensure that the certificate protecting the ActiveSync server is valid.
If not, your server admin may be able to rectify this by using a new certificate.

Alternatively if you server allows connections without SSL you can connect like this through AstraSync eliminating the certificate issue. Although this has security implications and may not be allowed by your IT policy.

Ranald.

Ranald Lillie
AstraSync Support
msugrad598
Posted: Thursday, November 4, 2010 12:52:55 PM
Rank: Newbie
Groups: Member

Joined: 8/20/2009
Posts: 4
Ranald,

I have a similar issue. I tried the fetch status option you posted below, but I did not have the option to do so. I believe I have to connect using SSL, so what other options are they so I do not have to approve connection to the server almost every time a sync is initialized?

Jennifer
Ranald Lillie
Posted: Friday, November 5, 2010 3:46:54 AM
Rank: Advanced Member
Groups: Administration , AstraSync Staff

Joined: 3/11/2009
Posts: 862
Location: UK
Hello Jennifer,

What device and OS are you using?

You may not need to check the revocation status, have you tried explicitly trusting your server certificate as I mentioned in the post above (dated: 16th Decemeber)?

Look for any certificate that is associated with your server, there maybe more than one.

Ranald.


Ranald Lillie
AstraSync Support
Users browsing this topic
Guest


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.

Main Forum RSS : RSS


Copyright © MailSite Software Inc. All rights reserved.