Security certificates errors - Nook Touch General

I've got NST rooted with Nook Manager and I had installed NTGAppsAttack. My problem is that wherever I go with https I get security certificate error and text: "The name of the site does not match the name on the certificate". I know that I can get this kind of error if I would have wrong date but I have correct date.
The problem involves any website accessed via https.
I don't know if I had this problem from the beginning or it started after rooting. I have backup but I will have access to it in a week or so and maybe there's a simple solution to my problem.

I've removed GAPPS and changed browser from stock to Opera Mini and don't get those errors.

dflt said:
I've got NST rooted with Nook Manager and I had installed NTGAppsAttack. My problem is that wherever I go with https I get security certificate error and text: "The name of the site does not match the name on the certificate". I know that I can get this kind of error if I would have wrong date but I have correct date.
I have the same problem (and a problem with the Market). Did you find the problem, or a way to fix it?

The stock browser has problems with wildcard certificates (e.g. *.example.com instead of www.example.com). Use another browser as dflt discovered.
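The mismatch described in this thread, as an added example that is not from the original posts: a name matcher with no wildcard support rejects `www.example.com` against a certificate issued for `*.example.com`, while left-most-label wildcard matching accepts it. The function names and certificate names are constructed for illustration, and the exact-only matcher is an assumption about how a client without wildcard support behaves, not the stock browser's code.

```python
"""Hostname vs. certificate-name matching, with and without wildcard support.

Added illustration; names and sample data are constructed. IP addresses and
internationalised names are out of scope.
"""


def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def match_exact_only(host, cert_name):
    """Hypothetical client with no wildcard support: names must be identical."""
    return _labels(host) == _labels(cert_name)


def match_wildcard(host, cert_name):
    """Left-most-label wildcard matching in the style of RFC 6125.

    "*" is honoured only as the whole left-most label, stands for exactly one
    label, and needs at least two labels after it (so "*.com" never matches).
    """
    h, c = _labels(host), _labels(cert_name)
    if any("*" in label for label in c[1:]):
        return False                      # wildcard outside the left-most label
    if c[0] == "*":
        return (len(c) >= 3 and len(h) == len(c)
                and h[0] != "" and h[1:] == c[1:])
    return h == c                         # "w*.example.com" is treated literally


def verify(host, cert_names, matcher):
    """True if any name on the certificate is acceptable for this host."""
    return any(matcher(host, name) for name in cert_names)


def rejected_only_without_wildcards(hosts, cert_names):
    """Hosts that are valid for the certificate but fail on the exact-only client."""
    return [h for h in hosts
            if verify(h, cert_names, match_wildcard)
            and not verify(h, cert_names, match_exact_only)]


# Constructed sample: the names a wildcard certificate might carry.
CERT_NAMES = ["*.example.com", "example.com"]
HOSTS = ["www.example.com", "example.com", "a.b.example.com", "www.example.org"]

if __name__ == "__main__":
    for host in HOSTS:
        print(host,
              "exact-only:", verify(host, CERT_NAMES, match_exact_only),
              "wildcard-aware:", verify(host, CERT_NAMES, match_wildcard))
    print("name-mismatch error only on the exact-only client:",
          rejected_only_without_wildcards(HOSTS, CERT_NAMES))
```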

Related

AndroidForums Down

Guys,
Are any of you experiencing difficulties getting into AndroidForums?
I'm finding it's been down for quite some time this morning.
Beards said:
Guys,
Are any of you experiencing difficulties getting into AndroidForums?
I'm finding it's been down for quite some time this morning.
Yep, me too. Can't get onto phandroid either (think it's the same site)
Looks like their DNS is hosed. Who knows what else.
It's up now, but seems to be very slow.
still down for me
Still no luck here either.
Strange thing just happened though when I clicked on a save URL to the site...It prompted me for a user name and password immediately.
Very weird!!
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
That is the result of attempting to get into the site at 11:30 am Central time.
It appears they have been compromised, big time, because the generic address is yielding the "/" (root) folder, which is protected.
- Frisco
Ocsirf said:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.
That is the result of attempting to get into the site at 11:30 am Central time.
It appears they have been compromised, big time, because the generic address is yielding the "/" (root) folder, which is protected.
- Frisco
Great and I entered my user name and password like a moron!!
I'm glad to see this thread. I got locked out since about 8:30 MST last night and saw that enter username/password thing. Scared me so I x'd out of the tab but still can't get into their forum today. Sucks that they were hacked. Why do people do that?
It's up again now.
bidboy said:
It's up again now.
Not quite.....
On the site you will see this message:-
Site undergoing maintenance... we should be back shortly!
Thanks for your patience!
Beards said:
Not quite.....
On the site you will see this message:-
Site undergoing maintenance... we should be back shortly!
Thanks for your patience!
Yes, they are still having problems. Was working fine earlier but just tried again & get the following message :-
Fatal error: Cannot redeclare getHostName() in /home/arrowbe/public_html/neverstill/openx/www/delivery/afr.php on line 207
Hopefully will be sorted soon.
The site's back up and running.

Revolutionary Problems

Am I the only one getting this error message when downloading it?
"C:\Users\OFWMFSKTADGAF\Downloads\revolutionary-0.4pre4(1).zip.part could not be saved, because the source file could not be read.
Try again later, or contact the server administrator."
chrisbluejames said:
Am I the only one getting this error message when downloading it?
"C:\Users\OFWMFSKTADGAF\Downloads\revolutionary-0.4pre4(1).zip.part could not be saved, because the source file could not be read.
Try again later, or contact the server administrator."
Never saw that error, there seems to be a rash of problems with downloads
using certain browsers on certain webservers. Try saving the file to a specific
location (ie: desktop), and manually typing a filename (ie: revolutionary.zip).
If not, download a different web browser and try that.
Hard to troubleshoot an exact windows issue without having physical access
to the computer. I could email you the revolutionary file, as I didn't have
problems downloading it, but it'd be better to sort out the issue you are having first.

Eap-peap-ttls ?

The router at work requires WPA/8021x-PEAP/TTLS/MSCHAPv2, and my rooted NST does not accept that. So I copied from my CM7-running nook color the relevant info from /data/misc/wifi/wpa_supplicant.conf and entered that into the said file on NST (using root explorer). I also checked the permission of this file (chmod 660). But I still cannot get connected, after turning wifi on/off and also rebooting it.
Any suggestions?
THANKS!
I don't know if it's a stock android issue, as my university uses that kind of network security and I can't access it no matter what config I use on my stock android (using 2.3.4).
Is it stuck on Obtaining IP address?
revile said:
Is it stuck on Obtaining IP address?
Stupid question: How can I tell?
Like I said, I edited wpa_supplicant, rebooted, and nothing happens. Alternatively, I tried to use BN's setting apk and entered the username + password, and again nothing happened.
you can install e.g. catlog app and check your logs
Don't you need the right certificates installed for TLS? Maybe the NST (which wasn't designed for Web browsing) doesn't have them installed.

Fix - Apps and websites not working after certificates expire

As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connections) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
<reserved>
Aargh!
tshoulihane said:
As identified in this post http://forum.xda-developers.com/showpost.php?p=65344931&postcount=10 lots of apps and websites have stopped working over the past year or so (depending maybe on your ROM). This has been traced to the root certificates (used to trust websites and set up secure ssl connections) becoming out of date. Modern devices also have many more root certificates installed by default.
Note that this doesn't fix the google market on the nook touch, nor the kindle book store. It does fix the kindle app for syncing books purchased elsewhere.
I'll port the instructions over into this post later (see the link above for now). It requires root (so is slightly risky).
If you identify any more failing sites, please provide an https link which fails to open on the nook (but does work on a PC) and I'll add the root authority to my files. Anyone working on ROMs is welcome to redistribute my cacerts.bks
I've been using your updated cacerts.bks file and it is great. In January another certificate expired and I'm fairly confident it's the reason a news app (News Republic) started throwing up security certificate errors and refused to connect with the server. I think I need to be able to do the certificate updates, but I am trying to avoid going down the SDK road (a massive download I will never use for anything else) and all those complexities.
Except, nothing else seems to work. There is an ancient thread in which people discuss various ways to update pre-ICS cacerts. Unfortunately, none of them work--I've tried them all. The browser idea seems promising and Opera Mobile responds as described, but then nothing happens to the cacerts.bks file.
Portecle looks really promising (images below). It can obviously open and inspect the cacerts.bks file (password: changeit). It shows the additions you made and also indicates the expired certificate.
So I went searching for a replacement and found something that seems like the right thing (attached as a zip). It imported easily into Portecle and then appeared along with the new ones you added.
Then I returned the file to the NST and made the permissions the same as the old file. A reboot put me in a loop out of which I just barely managed to recover by inserting my NookManager card at just the right moment.
So I don't get it. The bouncycastle files recommended in the CAcerts wiki for this task are too old to be available. Surprise.
I'm tempted to NOT fix the permissions on the cacerts.bks file when I return it to the NST because I once had a similar problem with a settings.db file and it turned out that restoring the "correct" permissions resulted in a bootloop while leaving them as they were when the file was copied back made it all work just fine. But I'm too timid to try that just now.
Any insights?
From my linked thread,
Download http://www.bouncycastle.org/download...dk15on-146.jar - this is used locally on your PC to manipulate the certificates and needs to be version 146 or 147 to work with android (or old android at least)
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree it's a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
tshoulihane said:
From my linked thread,
It seems that when I used a different version, I got a bootloop. Although the link I referenced seems to have died, the filename still turns up plenty of hits. http://polydistortion.net/bc/download/ for example (version 1.47).
I agree it's a lot of pain, and I'm not sure I still have the toolchain download that I used for this work. I'll have a dig around...
Yipes. Well, I downloaded the jar file (many thanks...I did search on the file name and came up empty) and followed your example on the other thread. Everything behaved as it should. Except for the boot loop....... This time it was even harder to get out of it.
Two possibilities come to mind. My JDK is 1.8.0_73. Maybe that's too new to work properly. The other is that the certificate, despite playing nicely as far as console feedback went, is of the wrong format, although this does not show up in the feedback or in Portecle.
Anyway, I'm sufficiently intimidated now that I'm not going back there unless I have a better way of getting out of boot loops (since I'm doing ADB over Wi-Fi).
Edit: temptation... So I went back to the CAcerts Wiki and noticed they suggest Java 6. Now, of course, the Wiki is old, but so is the Java underlying the NST, so I found an install of Java 6 and put it on the laptop we have attached to the TV (which runs Kodi and very little else). Then I repeated the entire procedure with--supposedly--all the right components. Same dreaded bootloop. So either the certificate I have has an incompatible format, or I am just hopeless at this. Maybe both
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
shadylady said:
all of the old bouncy castle api releases are archived on their ftp server under ftp://ftp.bouncycastle.org/pub. i managed to find the .jar files referenced in the other thread on there and updated my cacerts.bks using the cacerts wiki instructions a few days ago. hope it helps you. using the newer release gave me a bootloop as well, but once i grabbed the older version from their ftp all was good!
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Here we go: http://www.bouncycastle.org/archive/
Remains to be seen if that will do the trick for me...
the bootloop version was whatever bouncycastle.org has as their latest release.
the one i downloaded from the ftp that didn't bootloop was this one: bcprov-jdk16-146.jar
you'll need to ftp in and use the password "anonymous" and some bogus email to get onto the ftp. from that web version of the archive it should be this package: http://www.bouncycastle.org/archive/146/bcprov-jdk16-146.tar.gz
i'm running mac, so my default java was 1.6. i updated to 1.8 but that happened after i got this all up and running already. this was the version that was default:
$ /Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Commands/java -version
java version "1.6.0_65"
Java(TM) SE Runtime Environment (build 1.6.0_65-b14-468-11M4833)
Java HotSpot(TM) 64-Bit Server VM (build 20.65-b04-468, mixed mode)
so jdk 1.6 + API 146 (or 147?) seems to be the proper mix.
at first i thought it wasn't working, because although i updated the cacerts.bks, the amazon kindle app kept saying "incorrect email/password". took me a while before i read the entire thread and realized that amazon now does two-step authentication so i had to enter the one time passcode they had sent to my email.
nmyshkin said:
Which java version were you running?
Edit: Hmm....I'm not having any luck with the link you provided. Using an FTP client I am asked for a logon and in my browser (Firefox) it never connects.
Well....progress, or at least I think so. This may be an easier method.
Go to http://www.bouncycastle.org/archive/ and download bcprov-jdk15on-146.jar
Go to https://sourceforge.net/projects/portecle/ and download portecle (an executable jar)
Unzip portecle. Rename the bcprov-jdk15on-146.jar to simply bcprov.jar and copy that into the unzipped portecle folder (overwrite the newer version already present).
To run portecle, just double-click on portecle.jar. You will get a statement about the 146 file being out of date, resulting in not everything working, but enough works for our purposes.
Copy cacerts.bks from your NST (system/etc/security) to your PC, open portecle and import your cacerts file (password is "changeit"). You now have a nice graphical interface for perusing and updating your certificates! If you have a *.cer certificate to update, rename the "cer" to "crt" and use the import function. It's really that simple. I tried it, copied the file back onto my NST, fixed the permissions and.......{drumroll}.......no bootloop. I'm running jdk 1.8.x
That's the good news. The bad news is that I did not succeed in updating the entrust certificate. I added three from their website and while they did not break cacerts, they did not restore functionality to NewsRepublic, which is what I was hoping to do
So....this may work. It's certainly easy, but clearly you need to have the correct updated certificate to get the desired result. Duh.
Edit: OK, it's ALL bad news
Don't do any of this. It seems to go OK but yesterday I found I could not successfully open the NPR app. I thought, "well, another one bites the dust", but I was curious so I used SearchMarket to see if the app was still listed for the NST. It was. So maybe it got corrupted somehow? Anyway, I uninstalled it and was going to reinstall from the Market but suddenly I got messages about the download failing. Oh no, not another function going south?!
Well, it's all fine, but the problem was the cacerts.bks file that I had made using the method above. Although there is no bootloop on restart, there is bad ju-ju nonetheless. Restoring my backup of cacerts.bks fixed NPR and SearchMarket. So....don't go there (and the two people who thanked me, feel free to unthank me )
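The posts in this thread trace failures to expired root certificates in cacerts.bks, which Portecle shows entry by entry. As an added example (not from the original posts), the script below finds expired and soon-to-expire entries in the text printed by `keytool -list -v`; the sample listing, aliases, owners and dates are constructed, and the zone name in each date is ignored on the assumption that a day's precision is enough.

```python
"""Flag expired trust-store entries from `keytool -list -v` text output.

Added illustration. SAMPLE is constructed in keytool's verbose layout; the
options needed to make keytool read a BKS store are not shown here.
"""
import re
from datetime import datetime, timedelta

# Constructed sample listing (three trusted-certificate entries).
SAMPLE = """\
Alias name: 7
Creation date: Jan 1, 2011
Entry type: trustedCertEntry

Owner: CN=Example Root CA A, O=Example Trust
Issuer: CN=Example Root CA A, O=Example Trust
Serial number: 1a2b
Valid from: Tue May 30 10:48:38 UTC 2000 until: Sat May 30 10:48:38 UTC 2020

*******************************************

Alias name: 52
Creation date: Jan 1, 2011
Entry type: trustedCertEntry

Owner: CN=Example Root CA B, O=Example Trust
Issuer: CN=Example Root CA B, O=Example Trust
Serial number: 3c4d
Valid from: Thu Mar 01 00:00:00 UTC 2001 until: Mon Mar 01 00:00:00 UTC 2021

*******************************************

Alias name: example-new-root
Creation date: Dec 6, 2020
Entry type: trustedCertEntry

Owner: CN=Example Root CA C, O=Example Trust
Issuer: CN=Example Root CA C, O=Example Trust
Serial number: 5e6f
Valid from: Fri Jan 18 00:00:00 UTC 2008 until: Mon Jan 18 00:00:00 UTC 2038
"""


def parse_keytool_date(text):
    # "Sat May 30 10:48:38 UTC 2020": drop the weekday and the zone name.
    _, month, day, clock, _, year = text.split()
    return datetime.strptime(f"{month} {day} {clock} {year}", "%b %d %H:%M:%S %Y")


def parse_entries(listing):
    """Return one dict per entry that carries a validity line."""
    entries = []
    for chunk in re.split(r"(?m)^Alias name:\s*", listing)[1:]:
        alias = chunk.splitlines()[0].strip()
        owner = re.search(r"(?m)^Owner:\s*(.+)$", chunk)
        valid = re.search(r"(?m)^Valid from:\s*(.+?)\s+until:\s*(.+)$", chunk)
        if valid is None:
            continue                      # not a certificate entry
        entries.append({
            "alias": alias,
            "owner": owner.group(1).strip() if owner else "",
            "not_after": parse_keytool_date(valid.group(2).strip()),
        })
    return entries


def classify(entries, now, warn_days=180):
    """Group aliases into expired / expiring (within warn_days) / ok."""
    result = {"expired": [], "expiring": [], "ok": []}
    for entry in entries:
        if entry["not_after"] <= now:
            result["expired"].append(entry["alias"])
        elif entry["not_after"] <= now + timedelta(days=warn_days):
            result["expiring"].append(entry["alias"])
        else:
            result["ok"].append(entry["alias"])
    return result


if __name__ == "__main__":
    print(classify(parse_entries(SAMPLE), datetime(2020, 12, 6)))
```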

[NST/G] FBReader "My personal catalog" and sync--cacerts update

cacerts.bks file updated 12-6-20
On May 30, 2020 another certificate in our ancient cacerts.bks file expired. This was one of the certificates used by FBReader to sync with a Google Drive directory of your designation (see books.fbreader.org). I'm assuming at this point that it was the critical certificate in the link because not long ago it was possible to work around login issues as described in my earlier post here: https://forum.xda-developers.com/nook-touch/general/setting-sync-fbreader-t3957311
I was contacted by another XDA member about this issue and noticed in a logcat that the certificate had expired. I have never had any luck updating certificates, despite the description of the process by XDA member @tshoulihane. It took many a year for the basics to penetrate my thick skull and I finally decided to look at it again. I will prepare a post on this topic in a bit so the information won't die with me
Meanwhile, I have updated both certificates in a cacerts file I extracted from a Honeycomb ROM and have been using on all my NST devices. It also includes the updated Amazon certificate so the Kindle app still functions. It contains many more certificates than the file that came with the NST (some expired). At least now I see a way forward.
To update your file, download the zip below and extract the cacerts.bks file. Transfer to the SD card of your NST and then use a file manager with root privileges to copy it into /system/etc/security, overwriting the file that is already there. If you feel queasy about this, first rename the old cacerts.bks file to cacerts.bak, then move the new one in place. File permissions should be rw-r-r
Reboot.
No need for the workaround I wrote about in the earlier post now. I tried this with both Opera Mobile and Opera Mini, signed in on both browsers before starting. Opera Mini failed. Opera Mobile, with the appropriate settings for TLS 1.2 etc. as I have described in another post, balked a little but succeeded. And once you are signed in, you never need to go back to the browser (I think).
Here's what may happen:
1. You may sail through the sign-in process from FBReader (Network Library>FBReader book network) and see your file information appear. Done.
2. More likely than not you will get an "unable to establish a secure connection" or similar. This is a sadly common occurrence in Opera Mobile these days and has been roundly trounced on old Opera discussion boards. There appears to be no fix for it except to access the "Settings" window (from the "O" button). Then go to "Privacy" and then "Clear cache". Now back out of the Settings windows (Back button) and finally hit the "refresh" icon. Voila. This is a general "fix" for pages which don't want to load properly even though you have a valid certificate. I've tried running a script to delete the Opera cache before opening Opera but to no avail. Sometimes you are lucky (especially if you have not encountered any errors in a session before exiting), sometimes you are not. Like I say, once you get past this with FBReader, you should not need to go through it again. Just remember, you want to be signed in with your email, etc. on the Google homepage (the same account for your Google drive you set up with FBReader) before you go through all this.
I tested this with FW 1.2.2, but not 1.2.1
Hello!
Thanks a lot for this information, I was struggling with exactly this yesterday and came here to post this issue, but you already have a solution.
I installed Opera Mini v7.6.4 but couldn't connect to FBReader, so I tried to use the default browser and voilà. Now it's working again.
Thanks again, I really thought it was impossible to fix lol.
I haven't checked if kindle app is working, but it surely does.
Thank you!
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
xrupa said:
How does one install or enable a file manager with root access? I've been googling for hours now and it's such a broad topic that I just can't for the life of me figure it out
If your device is rooted, then you just need a "good" file manager. The version of ES File Explorer I use has an option for enabling root access. Attached.
Ah, that's the release version I have installed, I'll try and find the option, couldn't spot it earlier but that gives me hope
many thanks
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
xrupa said:
Cheers, that's got me on a step or two, I think I just need to disable two step verification next as opera or the standard browser is repeatedly doing the 'failed connection' thing you mention at that stage, lightly infuriating, but at least I'm getting closer to getting my fbreader library back, many thanks!
The stock browser is useless. For Opera Mobile don't neglect to make the TLS 1.2 change and, of course, update cacerts.bks
Ah great thanks, I've found that TLS thread, I'll do that and hopefully that'll be it!
nice one @nmyshkin
OMG It's done, im back into the network library on my ancient nook!
thanks so much, months of trying allsorts, nice one, thank you!
