BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 09-07-2009, 04:38 PM   #1 (permalink)
New Member
 
Join Date: Sep 2009
Location: England
Model: 8320
PIN: N/A
Carrier: Orange
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default BIS and self-signed certificate?

Please Login to Remove!

Hi all,

I'm not a regular forum poster on any forums, usually I can find the answers I need by googling, but this one's really got me beat.

I have a debian server running postfix and dovecot serving up IMAPS (993), POP3S (995) and SMTP with TLS (25). As it's email I figure I can happily create certificates with my own root CA - clients can simply install the root cert and everything works fine.

I've tested with openssl s_client, as well as Outlook and Thunderbird and all works as expected.

The problem I have is with BIS. And it's a simple question, I think, but not one that I've been able to find an answer to:

Does BIS refuse self-signed, or untrusted certificates?

See, I'm trying to set up an account through the BIS site (on computer or handheld, it doesn't matter, I get the same errors). On attempting to set up an account (after it's tried to auto-detect and I've got to the page where I put in the address, username and server name) I get:

Cannot connect to email server or invalid server name:

Please verify the server name. If the error persists contact example.com (your
email provider).


I thought I'd cheat, open up IMAP temporarily on the server, then try and switch the account to IMAPS...no luck there either. If I go into 'advanced settings' (again handheld and big computer give the same error) and tick the SSL box I get:


An error occurred during email account validation.
Please check your information and try again.


It's definitely not settings, everything is tickety-boo with clients that connect directly to the mail server...

The error messages BIS provides are so generic it's very difficult to know what's going on. FWIW, on the server side I get:

dovecot: imap-login: Disconnected: rip=216.9.253.55, lip=x.x.x.x, TLS handshake

Which tells me something's falling over during the secure connection negotiation process, but what? and why? Unfortunately this is about as verbose as the logging gets - I know it's a bit OT but I've not been able to find a way of logging low-level SSL/TLS activity on my server.

If only I had a clue about what the BIS server was trying to do then at least I'd know whether to give it up and look for another solution.

So, I go back to my original question:

Does anyone know how BIS handles untrusted certificates?

If you're still reading at this point, thank you for your patience and persistence!
Offline  
Old 09-30-2009, 07:06 AM   #2 (permalink)
New Member
 
Join Date: Sep 2009
Location: UK
Model: 8900
PIN: N/A
Carrier: Orange
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Agreed

I'm having a similar problem.

Existing users configured with BIS before the cert expired (3 days ago!) are enjoying uninterrupted use, where BIS is now just rejecting the server name and the new user i am trying to add.

If you find a solution please let me know and naturally I'll do likewise!
Offline  
Old 09-30-2009, 08:00 AM   #3 (permalink)
New Member
 
Join Date: Sep 2009
Location: UK
Model: 8900
PIN: N/A
Carrier: Orange
Posts: 4
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by jfdmedia View Post
I'm having a similar problem.

Existing users configured with BIS before the cert expired (3 days ago!) are enjoying uninterrupted use, where BIS is now just rejecting the server name and the new user i am trying to add.

If you find a solution please let me know and naturally I'll do likewise!
I'm afraid my problem actually turned out to be far simpler:

My customers mailbox name (not username) on the server was their (rather unfortunate) birthname rather than their 'professional' name which they neglected to tell me and took a little working out since i have no access to their server!

All the best with your quest
Offline  
Old 09-30-2009, 01:09 PM   #4 (permalink)
BlackBerry Extraordinaire
 
Join Date: Jan 2006
Model: LEZ10
OS: 10.0.10
Carrier: Rogers CA
Posts: 1,704
Post Thanks: 20
Thanked 77 Times in 68 Posts
Default

onfocus:

I set up my https and imaps servers using certificates from CACert.Org (which I'm quite sure RIM (BIS) doesn't trust), and they have since expired but it works fine.

My settings are: email account name: the full email name ie <name>@<domain>
server type: IMAP
port: 993
ssl: checked

The biggest problem I had when I set everything up was figuring out what the account name was, and how to enter that into all the tools so it was presented to server.

Do the IMAP server or mail logs shed any light?
__________________
My other Blackberry is a PlayBook.
Offline  
Old 09-30-2009, 03:14 PM   #5 (permalink)
New Member
 
Join Date: Sep 2009
Location: England
Model: 8320
PIN: N/A
Carrier: Orange
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

jfdmedia - glad you got it sorted.

hrbuckley - thanks for posting your experience. Unfortunately the mail server logs don't give me anything I could really call helpful - and that's with all the verbose logging turned on that I can find.

My settings are pretty much the same, I'm just beginning to wonder if there's something up with the way I'm generating the certificates.

Does anyone know if BIS behaves differently for different networks or different geographical areas?

I posed the question to the BB security team and got the reply 'Please contact your wireless service provider for assistance.' After 2 weeks. Plainly this is rubbish as I'm using the bis.eu.blackberry.com server to set up the accounts in the first place - that's not provider dependent but there may be a difference between bis.eu and bis.na?

If only RIM published some technical specs for connecting to BIS...
Offline  
Old 12-09-2009, 04:37 AM   #6 (permalink)
New Member
 
Join Date: Dec 2009
Model: 8310
PIN: N/A
Carrier: buike
Posts: 2
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

i have bb 8310 buy usa AT&T.now this handset use in bangladesh. operator grameenphone bangladesh.now how can i set wap configuration in my handset.please help me sir
Offline  
Old 06-09-2010, 03:32 AM   #7 (permalink)
New Member
 
Join Date: Dec 2009
Model: 1
PIN: N/A
Carrier: 1
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Lightbulb Great

Great articlexxx65292;thanks for sharing.
__________________
christian louboutin shoes
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.