SSL Funambol on Android without adding Certificates

December 26, 2011 at 22:36 (Android) (, , , , , , , , )

Recently I wrote a blog entry about how to add a root certificate to your rooted android keystore for using SSL funambol.
This works perfectly as long as you have root access to the device.

Sometimes you come into the situation where you cannot root the device, eg. in a corporate environment or if you just don’t want to crack a new device just to make the funambol client working, like me for now.

I’ve got a new Motorola Xoom and needed funambol to sync my contacts and calendar entries.

After asking Mr. Google there are only 2 ways till Android 4.x is ready:

  • Using http without ssl
  • Using ssl and recode the funambol client to accept all cert’s

I decided to use the 2nd solution – this also refreshes my java a little bit :-)

Of course i want to share everything with you – if you’re too lazy to read all the stuff you can point your Android client here to install my compiled Funambol 10.0.8 client without the certificate check:

For Android < 4.0 this binary works:

Direct download with android: funambol-android-10.0.8_Tasks-devBioS.apk

Mirror 1: funambol-android-10.0.8_Tasks-devBioS.apk

Since ICS (>= 4.0) people having problems syncing Calender. This is because they made changes in the Calender API wich renders the Calendar Sync unusable, you can use this binary (which only works on ICS and greater):
Direct download with android: funambol-android-10.1.3_Tasks-devBioS.apk

UPDATE 2012-04-03: I activated the task sync feature also and re-uploaded the binary.
If anyone is intrested in the source on how to activate it, drop me a line and i will update the post.

Read the rest of this entry »

Permalink 32 Comments

Adding Root Certificates to Android Phone with root access

August 23, 2011 at 22:24 (Computer) (, , , )

Yeah, after being really busy with my real life, here is another intresting trick for you:

How to get some more root certificates on an android phone where you have root acces (or, at least, you can start & use root explorer).

Some background info:
I use a funabol community server to keep my phone’s and outlook’s in sync and recently my colleague sven did a great job converting my HTC HD2 with winmobile to Android 2.x (kudo’s to him! thanks!).

Update on 2011-12-27: I changed the client to allow self-signed certificates: here

The challenge is that if you use funabol with self signed ssl certificates you need to get those recognized by android which is a really complicated task if you don’t know how.  But here we go:

What you need before (and what i don’t describe):

Our steps include:

  1. Export the certificate out of the funambol java keystore
  2. Get the cacert.bks from the android device
  3. modify the cacerts.bks of android
  4. reboot and finished

Step 1 – Export the funambol certificate

  • Execute  “%JAVA_HOME%\bin\keytool -export -alias tomcat -file myroot.cer”  (in-detail like here)
  • copy the myroot.cer to the SD-Card of the android device (or download to another computer)

Step 2

  • insert the SD-Card to the android device, startup root explorer and navigate to /etc/security/
  • copy the file cacert.bks
  • navigate to /sd-card and paste the file
  • insert to another computer
  • Go and execute the Portecle Keytool and open the cacerts.bks from your SD-Card
  • When promtes for a password, just hit enter
  • go to Tools -> Import Key Pair   and select your myroot.cer, give it any name you want
  • save the cacerts.bks
  • re-insert the SD-Card to android device
  • open up root explorer, head to /sd-card, copy, paste to /etc/security/
  • make sure root explorer show “mounted as r/w” in the header of the program.
  • set permissions of the newly copied cacert.bks to rw-r–r– (owner,group,other: read     owner:write)

Step 3

  • double check if the permissions of cacerts.bks are set correctly to rw-r–r–
  • restart the phone
  • funambol sync should now complete.

Have phun to be in sync!

P.S. Keep in touch! the next xbee’s blogpost’s are half-way written, but i really don’t have time ATM… sry

Permalink Leave a Comment