I need to import a certificate for my WIFI. I can get this as a PEM or DER format certificate from our admins, which I can use on anything else from a laptop to a pda.
On the Nexus the certificate needs to be .p12 files (PKCS#12). I do not have one of these, nor can I get one, nor can I find a way to convert the current PEM/DER to one of these.
How do I do this? It seem pointless if the nexus requires a different format than that provided to people to work with all other devices. Admins are not going to start issuing a special format, just for nexus users, Especially when that format seems to need a private key in addition and/or another password too.
Anyone else managed to do this?
I installed a certificate (a .crt file) by opening it with the web browser (via HTTP). You could also try opening it in Astro or another file manager.
A lot of people have complained about this. Apparently you have to import it from the web browser. File and gmail apps don't seem to know how to handle the certs.
You can forward it to your gmail account then use the web browser to get to gmail and import it from there.
Hi Guys,
I don't mean to hijack the thread, I've been trying to find the full encryption standards and protocols supported by the nexus one and have not had much luck. I presume you guys might have an idea.
Anyone got a link ? Thanks for your help. Ash.
robert-qfh said:
I installed a certificate (a .crt file) by opening it with the web browser (via HTTP). You could also try opening it in Astro or another file manager.
Click to expand...
Click to collapse
UmbraeSoulsbane said:
A lot of people have complained about this. Apparently you have to import it from the web browser. File and gmail apps don't seem to know how to handle the certs.
You can forward it to your gmail account then use the web browser to get to gmail and import it from there.
Click to expand...
Click to collapse
I've tried opening with a few file browsers, no luck as they refuse to open them, tried various ways of opening with web browsers, no luck as all they want to do is save them, and then the file browsers dont want to open. Also tried email and opening through the web or client. No luck.
Can you guys break it down how you got it to work ?
Thanks
Ash.
Anyone know how to load a .crt and .ca certificates on the nexus one ?
I've tried doing everyway with and without the certificates.
Thanks
Ash.
Just tried uploading a .DER cert to my personal FTP and goto it via the browser and it simply opened it like a text file. .P12 files are recognised by the browser fine and the user is prompted for the passkey but that is expected as .P12 seem to be the only type of cert that works on Android.
You could try to manually modify wpa_supplicant.conf . Depending on the network configuration this may vary. This is the same way you would do it in Linux. I remember I did this in my G1 ( I dunno if you need root, my G1 was rooted anyway), but the location of the file was not in /etc like it is usually in most Linux. My conf looked like this:
network={
ssid="somenetworkWPA"
proto=RSN
key_mgmt=WPA-EAP
pairwise=CCMP
eap=PEAP
identity="[email protected]"
password="pass"
phase2="autheap=MSCHAPV2"
ca_cert="/sdcard/mycert.der"
}
There are plenty of samples and explanations around the net about changing this file. Hope this helps.
janfsd said:
You could try to manually modify wpa_supplicant.conf . Depending on the network configuration this may vary. This is the same way you would do it in Linux. I remember I did this in my G1 ( I dunno if you need root, my G1 was rooted anyway), but the location of the file was not in /etc like it is usually in most Linux.
Click to expand...
Click to collapse
It's /data/misc/wifi/wpa-supplicant.conf. It's owned by wifi:wifi with permissions 770. So it appears you'll need to be root.
Related
Hey,
Recently a new security rule was set for my exchange server.
Now i have to install a certificate on the device in order to synchronize.
I have it in 2 versions - *.*cer and *.*cab
Appreciate if anyone can share with mе how to install it.
Thanks!
i've been having this issue as well, so far I haven't found away to do it
Same problem. I've to syncronize my work exchange account, but it requires to install a .cer certificate.
Anyone can help us?
stalvatero said:
Same problem. I've to syncronize my work exchange account, but it requires to install a .cer certificate.
Anyone can help us?
Click to expand...
Click to collapse
Hey guys, got it! http://chart.apis.google.com/chart?...market://search?q=pname:com.nitrodesk.nitroid
It's on the market. Works perfect, it has great design and it's exactly for our problem. I did have some issues with the authentication because the exchange allows only WM devices but the developer was so kind and helpful to find a solution.
It has 5 days trial. You can try if it works with your exchange servers.
The app is simply amazing allowing you to install 2 different types of certificates.
Will buy the license for sure.
Finally!
I concur, Nitroid's "Touchdown" works wonderfully. And I cannot say enough about the tech support. In the early versions (which were a bit buggy but still worked well) they staff was responsive and helpful in what turned out to be a very stupid config error on my end. They were willing to help me troubleshoot multiple times (thru e-mail but extremely fast, I have a gmail thread with about 6 or 7 responses in a row in one day). When all was said and done I was left with a "now that's how you handle a frustrated customer!" feeling, in a word, they rock!
P.S Touchdown allows you to choose which folders from your server you wish to see if your like me and don't have everything flooding your inbox. That was a big issue for me on the old work email app from the earlier Hero roms.
Great! will test during these days then!
.cer files import SUCCESSFULLY to get exchange sync
Just got a Sprint HTC EVO running Android (GREAT PHONE!!).
Found out from several posts that there is a function
Settings -> Security -> Install from SD Card
that imports .p12 certificates from the root of the SD Card.
Found out that it recognizes and successfully imports .cer certificate files too!!.
[Warning, you can use usb to copy the certificate to the root of your SD Card, but be sure to disconnect otherwise the "Install from SD Card" will be greyed out.]
hi Kathey
I managed to copy and install the certificate following your instructions but it is still impossible to download attachements can you do it?
I don't know if the certificate was recognized by my HTC Desire.
I've tried everything and I am so disappointed i really need my connection to exchange to open up the attachments.
kathey said:
Just got a Sprint HTC EVO running Android (GREAT PHONE!!).
Found out from several posts that there is a function
Settings -> Security -> Install from SD Card
that imports .p12 certificates from the root of the SD Card.
Found out that it recognizes and successfully imports .cer certificate files too!!.
[Warning, you can use usb to copy the certificate to the root of your SD Card, but be sure to disconnect otherwise the "Install from SD Card" will be greyed out.]
Click to expand...
Click to collapse
@kathey: Just an addition
.cer certificates are normally encoded in DER/binary. Android cannot read these files!
You may need to convert the certificates to Standard PEM (normally with .crt file extension).
I was able to import a PEM BASE64 certificate I exported from the Windows MMC (certmgr.msc) into my G2 after changing the file extension from .cer to .crt
SonofSoong said:
I was able to import a PEM BASE64 certificate I exported from the Windows MMC (certmgr.msc) into my G2 after changing the file extension from .cer to .crt
Click to expand...
Click to collapse
This worked for me as well.
caro23 said:
@kathey: Just an addition
.cer certificates are normally encoded in DER/binary. Android cannot read these files!
You may need to convert the certificates to Standard PEM (normally with .crt file extension).
Click to expand...
Click to collapse
Has anyone used these certificates to read encrypted email successfully on the Android, I can install the certificate from SD card, but cannot decrypt encrypted email, I could do this on windows mobile 5!!! Am I missing a step or funciotnality not available yet on Froyo 2.2
I was trying to install .cer and .crt certificates onto my HTC Desire and it kept saying "No certificates to install" when selecting the files in the root folder of the SD card. Then I generated a .p12 format file, which seemed to work. I don't know if it was because of the format readability or the earlier files were corrupt. Might be helpful.
the procedure: Settings > Security > Install from SD card (u should see the certificate files here if any present on your SD card root folder).
Cheers.
You can check your corporative email using a certificate file with SecureEAS app, is on the market, and it's free.
https://market.android.com/details?id=com.metaworldsolutions.froyo.android.email
certificates
how to generate a P12 format file ?
Where can I get the certificate for the Cisco Any Connect ? How can I generate it?? Help please!
Does this help?? https://market.android.com/details?id=com.cisco.anyconnect.vpn.android.rooted
cowsick said:
Does this help??
Click to expand...
Click to collapse
I know this app. It's just a vpn client.
And this cisco client required certificate to be installed to setup client properly.
And the question is how to get this certiificate? Where can I get it or generate ?
From the cisco router?
cowsick said:
Does this help?? https://market.android.com/details?id=com.cisco.anyconnect.vpn.android.rooted
Click to expand...
Click to collapse
Ever since I moved from Windoze Mobile 6.5 that seamlessly handled certificates, the only solution Ive found for encrypting email is using Touchdown
Great. Tks alot. I was success.
Hi,
To gain access to WIFI at university I have to login with my user/pass credentials.
The certificate of their website (the local home page that asks for the credentials) is not recognized as a trusted certificate, so we install it separately on our computers.
I want to know how to install such certificates on Android, I have HTC magic and I came through this question which seems the same problem but the solution is specific to exchange server and not the browser http://forum.xda-developers.com/showthread.php?t=551512
This is the details of installing the certificate from the university's page [LINK]
if you are rooted, download wifi helper (its free) from market and it should help you configure your wifi with custom cert files.
Hey,
I stumbled onto this topic as I had the problem (but on the Droid, Android v2.0). I then figured out how to do it and made a tool to make it easier. I call it RealmB's Android Certificate Installer. It basically gives your Android's web browser the correct HTTP headers to make it launch the CA certificate installation wizard.
Hope this helps,
Brian
I used Android's built-in certificate manager.
1. Just drop your certificate file onto the sdcard/download folder.
Note: Keep in mind the manager looks for .p12 and/or .crt files. I had a .cer file, but it was PEM formatted so I simply changed the extension.
2. Go to settings-> Security & Privacy -> Install from SD Card
Note: I use the MIUI rom, so millage may vary a bit on other roms
Done! Enter your credentials password, or create a new one if you didn't have one already, and you're all set!
Thanks MrNago
renaming .cer to .crt really makes me being able to install it. Life can be so easy ... (MIUI 2.3)
I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device.
Worked like a charm since I do not have an SD card with me, but I needed to install the certificate.
Thanks for the comments above. I had a .cer file, and renaming it worked like a champ as well.
Bryan
gces said:
I was looking for a way to do this exact thing, and found a (potentially) easier way to install the certificate. If you have access to a web site, you can just put the .crt file on it, go to the site, click the file and voila... It installs on the device. ...
Click to expand...
Click to collapse
Thanks, this works.
To install a browser certificate into a pre-ICS ROM, use Portecle to add it to /system/etc/security/cacerts.bks.
Notes:
- obviously, ROOT is required to do this
- the keystore p/w is changeit
- In ICS a certificate can be simply added via Settings
The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis
!crazy said:
The problem is only old stock browser sees installed certificate. This browser doesn't exist on Jelly Bean for Nexus 7. Google Chrome is default browser here.
Anyone knows a solution to this?
Thanks
Denis
Click to expand...
Click to collapse
The solution could be to wait until the bug in Chrome is fixed.
web security
Web certificate and web site security have much need for everyone. IF any one have want web project and security you should hire developers.
Hi,
i'm new new into Android world, now equipped with Galaxy Tab 10.1.
I don't know how to import certificates for use with VPN.
There is option in the settings to import certificates, but it says something like "Import from USB device".
If I place cert files into tab, this option does not work.
Do I really need to connect some usb stick through adapter (sold separately) and import certificates from this usb device?
Thanks for any help
no text.....
I highly doubt anyone here is going to even know what a certificate is. Sorry.
A lot of us do, I use encrypted email and could only get it to work using NitroDesk as email client, used wifi to transfer the certificates and install them, now I send & receive secure emai with my biller as required by HIPAA (I'm a physician)
My VPN doesnt use a certificate, but ifyou are able to install the certificate, it should work, I am able to use a VPN connection on my TAB and remote deskop into any of my office computers in seconds
5thElement said:
I highly doubt anyone here is going to even know what a certificate is. Sorry.
Click to expand...
Click to collapse
Ok, so do you think there is a more appropriate forum where I can ask about certificates on Android? Searching the web didn't give any answer...
Not sure what certificates you have, but I had to install 2 *.p12 certificates to be able to use WiFi at uni.
I just copied the certificates to sdcard and used the install from USB option in location and security settings.
pkoper said:
Not sure what certificates you have, but I had to install 2 *.p12 certificates to be able to use WiFi at uni.
I just copied the certificates to sdcard and used the install from USB option in location and security settings.
Click to expand...
Click to collapse
I have .cer and .pfx certificate, maybe Android does not like this type of certificates...
Update: I've converted cer->crt nad pfx->p12 (by Firefox) and voila - import successful.
Thanks for tip, closing case.
I can't decrypt emails any longer on Touchdown, had been working for the longest, any one else having problems?
Sent from my GT-I9100 using XDA
I was digging around in Zinio app folder on my tablet and it appears that each page of a magazine is stored as a PDF. When I try to open it, it says it's password protected. Has anyone taken a look at this? Is the password floating around or is there a way to open the file without the password?
Thanks!
fruv said:
I was digging around in Zinio app folder on my tablet and it appears that each page of a magazine is stored as a PDF. When I try to open it, it says it's password protected. Has anyone taken a look at this? Is the password floating around or is there a way to open the file without the password?
Thanks!
Click to expand...
Click to collapse
Hey it seems peeps here either can't or won't answer this question.
I have the same problem ... Common everyone, please assist us. Any answer is cool, but preferably a solution.
Thank you
Zinio PDF files
Hello there. Look into the same folder where those PDFs are downloaded. There you will find the same exact files but in JPEG format and they will open freely with any image viewer
Sorry but they are just thumbnails - not large enough to read...
It seems that each magazine's PDFs are encrypted using a different password, although the PDFs for the same magazine all use the same password. Two such passwords I recovered are ca2f3a202e73a5588510be105454d8f3 and f51daacd3e62829f0088f387bf5b311d. What I basically did was make a dump of the Zinio process's memory using gdb, run "strings" on it, then feed it into John the Ripper (jumbo) to crack the password. Unfortunately, I'm not sure how this password is generated - it must be stored/accessible somewhere locally, as you can read magazines you've already downloaded without an internet connection. However, the string only appeared once in memory, and it did not appear in plaintext in any of the other stored files, leading me to believe it is probably generated by the app at runtime somehow. MD5 of something maybe?
My device is running jailbroken iOS, so you all will have to figure out how to dump the process's memory for yourselves, but after I tarred and scp'd everything off my device:
Code:
pdf2john page0.pdf > crackme
strings memdumps.tar | tr -d ' ' | john --stdin crackme
then you can mass-decrypt and merge all the PDFs with something like this (replace 200 with the last-numbered file in the directory, I do this because simply doing *.pdf would merge the pages in the wrong order.):
Code:
mkdir decrypted
for i in *.pdf; do qpdf --decrypt --password=de4dbeeflongpasswordhere "$i" decrypted/"$i"; done
cd decrypted
pdfunite page{0..200}.pdf allpages.pdf
Hi, I have jailbroken IOS also but IOS 14.8. Is dumping the application heap what is needed to get the app's memory? I would be looking for ideas how to do this as I can't find gdb for 14.8?
thank you
I have exported multiple contacts successfully in to one single vcf file. If copy this via WebDAV to my share, the file is copyed. But when I now try to import this vcf, only one contact is imported. If i open this vcf with a editor on the device, it shows only obe contact.
Do I rename the file to contacts.vcf.txt and open this in the same editor on the device, i have multiple contacts inside. If i rename it back to contacts.vcf, its again only one contact inside.
What's going on here and how can I import successfully a vcf file with multiple contacts inside?
Lifear said:
I have exported multiple contacts successfully in to one single vcf file. If copy this via WebDAV to my share, the file is copyed. But when I now try to import this vcf, only one contact is imported. If i open this vcf with a editor on the device, it shows only obe contact.
Do I rename the file to contacts.vcf.txt and open this in the same editor on the device, i have multiple contacts inside. If i rename it back to contacts.vcf, its again only one contact inside.
What's going on here and how can I import successfully a vcf file with multiple contacts inside?
Click to expand...
Click to collapse
Vcards have special formats, maybe your formatting isn't correct after adding seperate contacts to one file?
It should look like this(2 contacts within that file):
BEGIN:VCARD
VERSION:2.1
N:john;doe;;;
FN:John doe
TEL;CELL:1234567
END:VCARD
BEGIN:VCARD
VERSION:2.1
N:john;doe2;;;
FN:John doe2
TEL;CELL:123456789
END:VCARD
The problem seems to be the transfer of the file. If I use Google Drive as a backup, the file stays intact. I will test a other WebDAV server and see afterwards if there the same problem exists. If not, I try to change my server setting.
The file itself is created by Google contacts, I assume, that it writes a correct structure.
UPDATE: I have made some more test's. The file upload seems to be work correctly. If i upload the file to the server, the file is saved there with the correct content. I could open it on the shell with "cat contacts.vcf" and see, that all entry's and contacts are there. However, if I open the file via a browser or other WebDAV client via GET, the file seems to be broken. I have only one entry. Additionally, before this "conversion" the file started with:
BEGIN:VCARD
VERSION:2.1
...
Click to expand...
Click to collapse
But now i have it look like:
BEGIN:VCARD
VERSION:3.0
...
Click to expand...
Click to collapse
Not at all, that i have only one contact, i now have vCard version 3 instead of 2.1. I'm sure this is a server side issue. But i have no idea how to fix this.
Lifear said:
The problem seems to be the transfer of the file. If I use Google Drive as a backup, the file stays intact. I will test a other WebDAV server and see afterwards if there the same problem exists. If not, I try to change my server setting.
The file itself is created by Google contacts, I assume, that it writes a correct structure.
UPDATE: I have made some more test's. The file upload seems to be work correctly. If i upload the file to the server, the file is saved there with the correct content. I could open it on the shell with "cat contacts.vcf" and see, that all entry's and contacts are there. However, if I open the file via a browser or other WebDAV client via GET, the file seems to be broken. I have only one entry. Additionally, before this "conversion" the file started with:
But now i have it look like:
Not at all, that i have only one contact, i now have vCard version 3 instead of 2.1. I'm sure this is a server side issue. But i have no idea how to fix this.
Click to expand...
Click to collapse
Strange that your webdav modifies the content of a file
As workaround you can zip the file.
Yes, really strange. I use Nginx for the webserver and SabreDAV for DAV. I now know that the problem comes from SabreDAV and not Nginx. If i use pure Nginx WebDAV, the transfer works without any problem in both directions.
To bad, that development of SabreDAV is stalled since last year. Maybe I found a fix for SabreDAV and can make a pull request in their GIT repository.
Lifear said:
Yes, really strange. I use Nginx for the webserver and SabreDAV for DAV. I now know that the problem comes from SabreDAV and not Nginx. If i use pure Nginx WebDAV, the transfer works without any problem in both directions.
To bad, that development of SabreDAV is stalled since last year. Maybe I found a fix for SabreDAV and can make a pull request in their GIT repository.
Click to expand...
Click to collapse
I use nginx too, but with nextcloud and it's own dav access. No problems here.
Hmm last time as i have played with NextCloud it uses SabreDAV 3.2.2 as the base for its DAV operations. But it was terrible slow against a pure SabreDAV installation on the same hardware. I wonder if it uses actually also SabreDAV or maybe they have made some modifications? And you say, you can upload such a export and download it again without getting the vcard converted to a single vcard? we live in a strange world...
Meanwhile is have disabled WebDAV and use Nginx WebDAV on the same url/path as a workaround. This works great and is a little bit faster than SabreDAV/WebDAV other the PHP stack. But maybe we can get a fix by SabreDAV itself. The behaviour is accepted as a bug.
Lifear said:
Hmm last time as i have played with NextCloud it uses SabreDAV 3.2.2 as the base for its DAV operations. But it was terrible slow against a pure SabreDAV installation on the same hardware. I wonder if it uses actually also SabreDAV or maybe they have made some modifications? And you say, you can upload such a export and download it again without getting the vcard converted to a single vcard? we live in a strange world...
Meanwhile is have disabled WebDAV and use Nginx WebDAV on the same url/path as a workaround. This works great and is a little bit faster than SabreDAV/WebDAV other the PHP stack. But maybe we can get a fix by SabreDAV itself. The behaviour is accepted as a bug.
Click to expand...
Click to collapse
Sure, Sabredav is included in nextcloud but I think it is they develop it independently from its source. I can upload vcf like the format I mentioned before. If I download them again from nextcloud contacts they are changed a little bit:
BEGIN:VCARD
VERSION:4.0
PRODID:+//IDN bitfire.at//DAVdroid/1.11-ose ez-vcard/0.10.3
UID: xxxxxxxxxxxxxxxx
...
...
REV:20180422T201525Z
END:VCARD
But I have no problems to import them again. So android uses an older vcf format than nextcloud/carddav.