I've installed the Citrix app and have an External Account created which allows me to connect to my work's Citrix farm. Whenever I try to run an application after logging in I am told that I haven't chosen to trust the certificate authority (Entrust.net). I was never given an option to choose to trust Entrust.net in the first place and all the error provides is an OK button that takes me back to the application list.
Is there something I can do on this stock, non-rooted, first generation T-Mobile MyTouch 3G phone to get this working? Why was this so poorly coded in the first place? One should be provided with the option to trust the certificate and the app should then try to download it or use it if the cert already exists on the device, etc, etc...
i would contact citrix, or the app dev if its someone else
seems like an app problem...
Related
I've been running a project on mobile computing at work which obviously means that I get loads of cool toys to play with.
So today I connected my XDA II to a server (via D-Link router) running MS Exchange and MS Sharepoint.
Limited success with Sharepoint, it renders ok but you lose a fair bit of functionality which must be down to advanced IE features not present in the mobile version.
Exchange Web Access worked like a dream though (albeit, a dream where the browser window is too small and the wrong form factor!)
However I was doing 3 things at once and ticked "remember password" when initially logging on to the server and the damned thing just bypassed authentication from then on meaning I couldn't try different accounts.
So to the "does anyone know" bit, Firstly anyone have any ideas about clearing the "remember passwords" nightmare, tried stopping explorer, clearing cache and cookies and even a soft reset with no joy.
The main idea of the project is to give our key mobile workers (mainly our Directors) access to this technology, now I would never suggest that Directors are thick (and some of ours are anything but) however the process for selecting and connecting to networks seems bloody fiddly at best, anyone know of any decent software that makes this a bit more intuitive?
Gonna try and make time to try my BTOpenzone account out with the XDA II tomorrow, any thoughts?
For the auto authenticate part, why not just change your account password on your exchange server, youll get a refused connection and asked for password and username again.
I've tried owa on the xda2 and found it very unwield, so I use imap into pocket outlook instead check it just like you would pop3, infact you could use pop3 aswell / instead.
Forgot to mention, have you had a play with remote admin using the xda yet? I'm looking for a better way than the admin website (same problem as owa)
Good idea on the password, owa is being as we have an existing (large) corporate Exchange set up and want a relatively seamless mobile experience. When using notebooks etc away from the office we'll be using OWA so using it on the Xda's too makes it easier for our high powered thinkers!
Might just have to get some iPaq 4150's for the landscape mode while waiting for Xda III!
Not touched remote admin and probably not likely to, the final system will likely be installed in a fully supported datacentre.
Sounds like a fun setup, love to get my hands on a rig like that (probably bring the whole system down!!! LOL).
I think that owa uses editable html pages, so you could maybe create a more pocket pc friendly layout, I would think that you could redirect clients by browser type so that pc users got the standard layout, and xda's got the modified one.
I've found that if you keep the possible number of connection options down the auto select works pretty well.
I have just installed the Citrix Receiver in hopes that I could connect to my Office's network remotely.
I have been able to connect to my published desktop but when I try and connect to a published app I get "Error SSL/TLS error: The certificate Validation failed."
The Iphone i have is able to connect without problems. Now i'm trying to work out if it is a 1.6 limitation or if there is a way for me to connnect by updating the certs on this X10.
Anyone had any similar issues?
Turns out it's a limitation of the current android OS which isn't fixed until 2.2!
The Verisign CA class 3 Cert is not included on android versions 1-2.1.
It just seems that everyday there's something else i can't do on this phone.
I'm finding it harder to find reasons to keep this phone and not go for the desire!
Maybe you should take a look at this article from the Citrix Knowledge Center:
https://hqextsrvsft01.citrix.com/article/CTX125431
It helped me to import "TC TrustCenter Class 2 L1 CA XI" into Android's root certificate store. Now I can use Citrix Receiver from market with my work environment (which NEVER worked before), yeah!!
nachtschicht said:
Maybe you should take a look at this article from the Citrix Knowledge Center:
https://hqextsrvsft01.citrix.com/article/CTX125431
It helped me to import "TC TrustCenter Class 2 L1 CA XI" into Android's root certificate store. Now I can use Citrix Receiver from market with my work environment (which NEVER worked before), yeah!!
Click to expand...
Click to collapse
Hi, may I ask how did you get your TC TrustCenter cert? I have the same problem with connecting to my work environment via citrix receiver.
I have tried the same steps but it didn't help. My cert is a "Class 3 Public Primary Certification Authority" from Verisign, and I exported the cert from my PC's browser of the site.
I downloaded my certificate from here:
http://www.trustcenter.de/infocenter/root_certificates.htm
I assume Verisign is offering a similar service.
Thanks for replying.
Just to share my experience.
Turns out my cert is the correct one all this while, for some reason, on top of adding the cert to cacerts.bks, I have to use the default android browser to navigate to the site with the cert and "accept" the cert from browser, after which everything works like a charm.
The bad news is that this particular cert seem to conflict with android market, because I can't download any apps after this, saying "network error".
So my current workaround is to keep 2 versions of cacerts.bks, and swap them whenever I need to use citrix receiver.
I am suspecting that android market could be keeping this cert for it's own use hence did not include it in their list. If that's the case it would be quite a stupid design decision. I hope I am wrong.
nachtschicht said:
Maybe you should take a look at this article from the Citrix Knowledge Center:
It helped me to import "TC TrustCenter Class 2 L1 CA XI" into Android's root certificate store. Now I can use Citrix Receiver from market with my work environment (which NEVER worked before), yeah!!
Click to expand...
Click to collapse
Hi!
Would you, please give steps here?
The article has been removed from citrix site...
Thank you.
Workaround...
I found a workaround for this Citrix Reciever issue when using Gingerbread ROMs. When my phone was running on Froyo I had no issues using the receiver. So I went back to Froyo on my phone where the receiver worked fine, and copy the cacerts.bks located in /system/etc/security to my machine (using adb pull command). Then I installed my Gingerbread ROM again and copy this certificate from my computer over the one in Gingerbread ROM in the same location (using adb push command), and Citrix Receiver works! I'm not sure what newer things the Gingerbread cacerts.bks have, as there is a substantial difference between both files (61391 Froyo vs 143095 Gingerbread), but everything seems to be working normal, including Market.
Hope this works for others the same it worked for me.
I have the same problem on SGS running 2.3.5
Problem is i am using itnernal certificates; i have imported the root ca certificate ( it said it installed it from sdcard ) but i still receive that the server certificate is invalid.....
I choose then to accept the certificate but it does not open published applications or desktops ( connection error )
Needless to say that it is working flawalessly from windows mobile or iphone
I have searched high.. and I have searched LOW... and I can find no solution for this problem:
}{Alienz}{ said:
Well the thing is I tried several browsers.
1. The default one that comes with Android
2. Opera mini
3. DolphinHD
All same thing. I'm now going to test with a beta build of Firefox for android (fennero was it called I forget) but its SUCH a stupid thing to not work. Every other device WORKS. Blackberries, Iphones, tablets, laptops....everything.
EDIT: The EXACT error I get is:
"There is a problem with the security certificate for this site. This certificate is not from a trusted authority." I get this AS it attempts to load the redirect login page (both university and at work now). Same issue. It's browser/certificate related. And its ANNOYING as hell.
EDIT 2: Found the problem. It's that stupid certificate.
"This is a result of your corporation using an in house Certificate Authority to provide SSL encryption on your mail server and clients.
Basically....the computer that issued the certificate isn't trusted by the android phone. I'm new to android so I'm not sure if you can add a trusted CA (I haven't seen any options for it).
I don't know about future updates like the above poster mentioned.
Most companies will purchase a certificate from one of the major Certificate Authorities on the internet, which are pre-programed into most operating systems to be trusted. Internal CA's are trusted by the domain environment at your work, but not by anyone else. External (Internet) CA's are trusted by everyone.
if you want an example, open up IE (gross I know) and go to your options. Click the content tab, then there should be a button label certificates. inside the certificates window select Trusted Root Certification Authorities.
That is a list of all the builtin trusted CA's provided by Microsoft and the companies that govern the internet. "
I STILL have no idea how to fix it and to make the phone accept the certificate though.
EDIT 3: Fennec (Mozilla Firefox for Android beta) managed to pull up the login page for my work network. Not sure if it will work for the university yet.
Click to expand...
Click to collapse
I can't use firefox because the Galaxy 3 isn't supported. (Hence, why I'm asking in the Galaxy 3 section.)
But there MUST be a way to accept a simple TOS.
Maybe an AP? Or a script that can be written?
I've rooted my phone... Maybe I can find a way to add the McDonald's certificate?
HELP!
Oh come now..
Sixty views, somebody could at least take a JAB at it.
TeamRainless said:
Oh come now..
Sixty views, somebody could at least take a JAB at it.
Click to expand...
Click to collapse
Alright the hell with it... I'LL take a jab at it:
I can't load the McDonald's site because Android doesn't like their certificate. So all I should have to do is add the McDonald's certificate to the list of sites that Android accepts and it should be sugar in the gas tank right?
So where is this list held?
I am a PIA (Private Internet Access) subscriber and I'm trying to configure OpenVPN for Android on my Nexus Player. I had no problems configuring it on my Nexus 5 but when I open the app on the player and go through creating a profile, when I try to click the button to "select" a certificate OR if I try to import an OpenVPN configuration I get a brief message from android that it doesn't have an app to do that.
My guess is that something is lacking on my device - particularly the "open from" dialog that appears when you're trying to add/select a file from your sdcard or cloud drive.
Has anyone else seen this and have a solution? I'm so close to getting this nailed down and I don't want to use the PIA app since I can't access my local network resources when it's connected.
rewiredsoftware said:
I am a PIA (Private Internet Access) subscriber and I'm trying to configure OpenVPN for Android on my Nexus Player. I had no problems configuring it on my Nexus 5 but when I open the app on the player and go through creating a profile, when I try to click the button to "select" a certificate OR if I try to import an OpenVPN configuration I get a brief message from android that it doesn't have an app to do that.
My guess is that something is lacking on my device - particularly the "open from" dialog that appears when you're trying to add/select a file from your sdcard or cloud drive.
Has anyone else seen this and have a solution? I'm so close to getting this nailed down and I don't want to use the PIA app since I can't access my local network resources when it's connected.
Click to expand...
Click to collapse
**no root required, im on 5.1.1**
I got it working but it doesnt rotate but it works and all you need to do is input your info and hit connect.
Here is a VPN client that PIA made for there servers:
HTML:
http://download.apks.org/?server=11&apkid=com.privateinternetaccess.android&ver=1.1.7
install that like this:
adb install /path/to/com.privateinternetaccess.android&ver=1.1.7
Open up SideLoad Launcher and Launch VPN, fill out your info and tick save and hit connect. I confirmed working with Chrome at whatsmyip
Cheers,
DFL
Unfortunately it's not working on mine. When I click on "connect" I get a system dialog asking me if I want to enable VPN access - whatever you push after it doesent connet to the VPN.
Has anyone gotten this working 'better'? I've talked with PIA support and asked them why their app is considered "incompatible" and to please change that status in Google Play if there is indeed no issue. DroidVPN, VyperVPN, etc are in there so it's obviously possible I assume
Barkle said:
Has anyone gotten this working 'better'? I've talked with PIA support and asked them why their app is considered "incompatible" and to please change that status in Google Play if there is indeed no issue. DroidVPN, VyperVPN, etc are in there so it's obviously possible I assume
Click to expand...
Click to collapse
I'm wondering if I side load the android app will it work. Did you get it to work?
Sent from my SM-N910T3 using Tapatalk
Hello,
I was wondering if anyone knew of a mod (in any form/fashion) that will "revert" the certificate changes that were introduced in Android 7.0, or if this would be a possibility?
The story in the beta's was/is:
To use my Wi-Fi at my school (I literally live at school) I have to install a certificate on all devices. In Marshmallow I just enter my credentials when connecting to the Wi-Fi, and it connects, however there is no internet connection yet, I then have to open the browser and visit cert.localnetwork.zone, and install the certificate which then allows me access to the internet (well, 'restricted' access, hence the purpose of the certificate).
However, in N, there are some extra steps, when I [connect to the Wi-Fi I have to select between use system certificates and do not validate, which I then select "do not validate", as I don't have any certificates installed on the device to use, and I don't know the domain to enter for the other, and it kicks up an error if I enter cert.localnetwork.zone (the only thing I could think to use). Then when I go to Chrome just like any other time I go to cert.localnetwork.zone, and download and install the certificate like any other ROM I would do it on. It installs and grants me access to the internet, however the access is 'different'.
I can't use the Google App, which means that Google Now doesn't work at all, neither does the search bar on the GNL, going to Chrome I can't search something in the URL bar, instead I have to go to bing.com, and then search it from there (google.com returns an error). I open Sync for Reddit (Pro), and it will not load returning that I have no internet connection, however upon using the official Reddit app, everything works fine. Using the Bing app results in the same error as the Google App (no internet connection), however when using the bing website as mentioned before it works fine. Other services like Google Plus do not work either.
But I am still able to access the Play Store, Gmail, Inbox, Twitter, Tumblr and other services just as I would before, but it seems that anything using https, does not work due to an added security measure. However, when switching to another Wi-Fi network, or using my data, everything returns and works as per usual (which is quite annoying, when a heap of Google Now, Reddit etc notifications come streaming in). Every version of the N preview has been like this, however any version of 6.x has no problem. I haven't come across this error on any other devices (OnePlus One, Nexus 5, iPhone 6, Macbook Pro, Dell XPS 13, Chromebook Pixel, Nexus 7). I've basically narrowed it down to the connection not being private, as it says when I press "do not validate", however I don't know of any other way to connect to the Wi-Fi..
However, in the official 7.0 release it's even worse, now I connect to the Wi-Fi, and I can ONLY access the Play Store (which works without the certificate being installed anyway). I contacted our IT department, and they said that this is not something that they can change since they are required by the ADoE to monitor internet activity.
So I was wondering if there was some either mod/rom or ANYTHING that would allow me to revert the certificate changes in 7.0, or a root app or whatever that allowed connections on an "insecure" Wi-Fi network.