[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Palm Treo 755p - Issue converting and installing GoDaddy cert for sync with Exchang 2003 S2

Posted on 2008-11-06
3
Medium Priority
?
1,693 Views
Last Modified: 2012-05-05
I have an SBS 2003 SP2 server domain running Exchange 2003 SP2. The security cert purchased from GoDaddy last year expired on Oct 31st. So our hand-held users were no longer able to sync with Exchange - as expected. We requested a cert renewal from GoDaddy, sent them the expired cert and within hours received the new cert back which was installed on the server and distributed to the client workstations to install in IE for Outlook with RPC over HTTP. This went perfectly, as did the installations in the iPhones and Blackberries. Everything on that end is working perfectly.

BUT  we have users who have Palm Treo 755p's. For them we downloaded the latest version of Palm HotSync (for Sprint) v4.1.4 along with the latest available version of the Palm Certificate Tool (Certificate Authority Updater).

The certs were converted from their original format...

"email.domain.biz.crt"  
to
"cert.pdb"

...using the method found here: http://www.palm.com/us/support/downloads/versamail/certmodtool.html

During the process, however, it was necessary to change the file-type of the new GoDaddy cert from "crt"  to "cer" in order for the Palm Certificate Authority Updater tool to recognize it for the conversion to a "cert.pdb" file.

Once the new "cert.pdb" file was in the Certificate Authority Updater, we ran HotSync and all data was synchronized.

BUT a review of the logs showed that each time we tried (and it was a dozen or so) the newly converted "cert.pdb" was rejected and deleted from the sync file path as being no-good or corrupt.

Here is the entry from the HotSync log:

"- Invalid handheld file deleted: C:\Program Files\palmOne\UserName\Install\certs.pdb
OK Install with 1 message(s)"

My concern is the new cert from GoDaddy. Does anyone know if this issue is due to the file type being "crt" rather than "cer" ?

It concerns me that there was no way to make the Palm Certificate Authority Updater recognize the GoDaddy cert in its original file format, and that it had to be changed to "cer".

Has anyone come across this before?

0
Comment
Question by:mojopojo
3 Comments
 
LVL 15

Accepted Solution

by:
tenaj-207 earned 1600 total points
ID: 22902211
Palm software doesn't support anything above 128 bit certificates.  By default GoDaddy gives 256 bit certificates. It is not a well know issue but you can confirm in by calling Palm (although it took me four hours to get it out of them) or here's a couple of sites that mention the issue;

http://forums.palm.com/palm/board/message?board.id=activesync&message.id=4545
http://forums.palmone.com/palm/board/message?board.id=activesync&thread.id=1411

To get the 128 bit compatible certificate you'll need to contact GoDaddy and have them give you the directions to make the certificate.

Good luck to you,
tenaj
0
 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 400 total points
ID: 22902388
"The certs were converted from their original format...

"email.domain.biz.crt"  
to
"cert.pdb"

...using the method found here: http://www.palm.com/us/support/downloads/versamail/certmodtool.html

During the process, however, it was necessary to change the file-type of the new GoDaddy cert from "crt"  to "cer" in order for the Palm Certificate Authority Updater tool to recognize it for the conversion to a "cert.pdb" file. "


Why do you have to change the format ???

If you follow the link below - you would get *.cer format. Are you getting *.crt ?????

First, get the certificate:                         Obtain the root certificate that you would like to add to the device from the server.                         
                         From Internet Explorer on the server that contains the Trusted Root Certificate Authority, choose Tools > Internet Options. Click the Content tab. Then click the Certificates button.                         
                         From the Trusted Root Certificate Authorities tab, select whichever certs you want.  Click the Export button.                         
                         Click Next. Leave the default DER encoded x.509 cert. Give it a file name and choose the location to export the certificate using Browse& 
                         Click Finished. You should see a prompt saying the export was successful.             

0
 
LVL 3

Author Comment

by:mojopojo
ID: 22912712
Exchange Geek - Sorry I should have been more specific. I "changed the file-typ" on the GoDaddy cert by importing/exporting it into IE. The export was in the DER format. So yes, that is the process.

I talked to GoDaddy. They sent a new cert and the conversion would to install it on the phones, but there were still SSL comunication issues with the server. This, I Was told was due to the 128/256 bit encryption issue. They offered to work through it with me, making adjustments on the sever-side cert instalation but it was judged not to be cost effective.

In the end it was decided to get the users off of the Palm platform and replace the devices with Windows Mobile Treos.

I know that's a "nuclear-solution" but I'm happy that we were able to standardize fthe mobile users to a Windows Active Sync platform.

Thanks guys.
0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On September 18, Experts Exchange launched the first installment of the Help Bell, a new feature for Premium Members, Team Accounts, and Qualified Experts. The Help Bell will serve as an additional tool to help teams increase question visibility.
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses
Course of the Month19 days, 16 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question