gueraf
asked on
Testing IMAP connectivity
Would like to use secure IMAP for Blackberry but having trouble getting it to work.
Testing IMAP locally on port 143 and 993. Below is the log I get when I try to connect
ON PORT 143:
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local ) ready.
login bbimap Blackxx
login BAD Protocol Error: "Unidentifiable command specified".
ON PORT 993:
SSL handshake has read 3951 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-MD5
Session-ID: 550F0000C9035406ADA10A318A 9EEABC9A4F FFA5003404 5019D36E28 FA528DBE
Session-ID-ctx:
Master-Key: 3B8D0A0B67C02DD4282686308B 9B64F09A29 771E2168D1 EB285CABAC E5177A4FDD DBF7879ECA FB5158063B F25708CC76
Key-Arg : None
Start Time: 1201645639
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local ) ready.
login bbimap Black15
* BAD Protocol Error: "Command received without terminating <CR><LF> sequence".
ASKER
Using a telnet session to port 143 from a terminal (Unix) with the following command:
001 login bbimap Blackxx - this works
Telnet does not seem to work for port 993, so I issue the command below to open an SSL session:
openssl s_client -connect servername:993 .... using the same format with the ID, still unable to log in
I don't know much about telnet with SSL - I don't think I even have a telnet client that can handle it. I just thought I'd mention to you the fact that IMAP commands need that ID at the beginning.
Do you still see the IMAP banner when you connect? What error message are you getting now? Still the same * BAD Protocol Error: "Command received without terminating <CR><LF> sequence"?
ASKER
Yep, I do get the banner and still the same BAD Protocol Error, and because of this error the guys at RIM think the problem is on my Exchange server. Blackberry works with IMAP if connected to the non-secure port.
FWIW, I don't think the problem is with Exchange per se (although it may still be something at the server end), since the SSL en/decryption should be taking place at a higher level than the IMAP conversation. In other words, it is my belief that something else should be handling the SSL before Exchange's IMAP even gets to look at what is being sent.
How about if you try to connect another IMAP client, like Outlook Express, via SSL?
ASKER
Definitely works with Outlook Express via SSL.
That's a good sign, I guess. I wonder if the error you see in telnet:
Verify return code: 20 (unable to get local issuer certificate)
is spoiling the telnet IMAP test?
Are you able to get IMAP working on the Blackberry without SSL? That would tell you whether it is an SSL problem, or not.
ASKER
Yes, it works without SSL.
Did you do your telnet port 993 test from the LAN? Is your firewall/router configured to forward port 993 traffic to the correct server?
ASKER
Did the test in and out and same result. That was actually my first guess, and the firewall just lets it through.
Did you issue your own SSL certificate, or purchase one?
ASKER
I purchased one from GoDaddy.com
Do you know if the device supports that certificate? If not, is there an option to import it?
ASKER
Do not know, will contact RIM and find out. I called GoDaddy and was told that the OS on the Blackberry 4.1 and above is compatible; checked the BB and it is 4.2.
ASKER
I just got a call from RIM, they said it seems to be a problem with the SSL implementation. They will do some more testing and will get back with me.
Thanks!
ASKER
Called Microsoft, was told that there was nothing wrong with the setup and that the certificate from GoDaddy is OK, since they tested Entourage (Mac) and Outlook Express from outside using IMAP SSL.
So I asked them to create a self signed certificate, I'm currently using that on the IMAP and the Blackberry was able to connect. I think this pretty much points to the certificate as the problem.
Are you doing your telnet from a Linux box?
I get the exact same error.
Here is what I found.
I am trying to telnet to the Exchange server on port 993 from a Linux machine.
When I try the exact same thing from the Windows 7 command line it works like a charm.
So, it is something to do with the way CRLF is treated by the two operating systems.
Please let me know if you know how to fix the CRLF translation.
Regards and thanks
01 login bbimap Blackxx
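Added example, not part of the original thread or any poster's code: a Python sketch of the two framing rules behind the errors above (every IMAP command line starts with a tag and ends with CRLF), plus a live probe that sends a correctly framed LOGIN over verified TLS. The names frame, diagnose and probe, the command subset and the credentials in any call are assumptions for illustration; diagnose is a simplified model of the server replies quoted in the thread, and probe assumes the server offers a TLS version and cipher the local OpenSSL build accepts.

```python
import socket
import ssl

CRLF = b"\r\n"
# Small subset of IMAP4rev1 command names, enough for this illustration.
COMMANDS = {b"LOGIN", b"LOGOUT", b"CAPABILITY", b"NOOP", b"SELECT"}


def frame(tag: str, command: str) -> bytes:
    """Build one client line: '<tag> <command>' terminated by CRLF."""
    if not tag or " " in tag:
        raise ValueError("tag must be a non-empty token without spaces")
    return f"{tag} {command}".encode("ascii") + CRLF


def diagnose(raw: bytes) -> str:
    """Simplified model of how the server in the thread reacted to a raw line."""
    if not raw.endswith(CRLF):
        return "no-crlf"  # bare LF, as sent by a Unix terminal by default
    words = raw[:-2].split(b" ")
    # The first word is always read as the tag, so an untagged "login user pw"
    # is parsed as tag "login" followed by the unknown command "user".
    if len(words) < 2 or words[1].upper() not in COMMANDS:
        return "unidentifiable-command"
    return "ok"


def probe(host, user, password, port=993, cafile=None, timeout=10.0):
    """Live check (needs network): verified TLS, then a tagged LOGIN with CRLF.

    Raises ssl.SSLCertVerificationError when the certificate chain cannot be
    validated against the local trust store (or the optional cafile).
    """
    banner, reply = None, None
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            rfile = tls.makefile("rb")
            banner = rfile.readline().decode("ascii", "replace").strip()
            tls.sendall(frame("a001", f"LOGIN {user} {password}"))
            for line in rfile:  # skip untagged '*' lines until our tag answers
                if line.startswith(b"a001 "):
                    reply = line.decode("ascii", "replace").strip()
                    break
    return banner, reply
```

From a Unix shell, the same line ending is obtained by adding the -crlf option to openssl s_client, which translates each line feed typed at the terminal into CR+LF.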