E61 Access Point Groups, Push Email, and Certificates
Friday, September 15th, 2006So it looks like access point groups are working on the E61 now after the firmware update. I have an access point group defined that includes my home and work wifi network as high priority, and a low priority access point corresponding to cellular. I still can’t use that access point everywhere, the groups don’t show up in some applications. But the apps it does appear for seem to be working. And one of those apps is the built in messenger, which includes email support. Supposedly it had push email support, in the form of IMAP IDLE, but everything was so buggy before that I didn’t bother using it too much before.
Now however things look much better. I got an email on my phone on my way to work this morning after having used the messenger from home wifi for a bit. The client swapped over to the work access point when I got into the office. All without me having to poke at the thing at all, just like magic. Or a sufficiently advanced technology, always hard to tell those apart.
So it might be worth posting about how to get a self signed certificate working with the E61, cause with everything else working all automatically it’s annoying having to keep accepting what the device thinks is an invalid certificate. I’m using SSL with both IMAP and SMTP on my server, cause that’s just how I roll.
I’m running Debian testing/unstable with courier handling the email, most of the config done via the courier-webadmin interface, and processing/delivery done via maildrop. Everything installed in a pretty much working state, generating certificates and pretty much setting itself up. A little poking around to get authenticated SMTP working, but not much. We just need to do two things really to get this working:
- Create new certificates for the IMAP and SMTP services using the name you type into the email client as the common name field in the cert. Here are the commands I used (cd /etc/courier first):
- openssl req -x509 -nodes -days 3650 -subj ‘/C=US/ST=California/L=Palo Alto/CN=madgat.com’ -newkey rsa:1024 -keyout imapd.pem -out imapd.pem
- openssl req -x509 -nodes -days 3650 -subj ‘/C=US/ST=California/L=Palo Alto/CN=madgat.com’ -newkey rsa:1024 -keyout esmtpd.pem -out esmtpd.pem
- Then you have to get the certificates into the device. Which means tranforming from the format that the servers use into the DER format:
- openssl x509 -in imapd.pem -out /somewhere/web/reachable/imapd.crt -outform DER
- openssl x509 -in esmtpd.pem -out /somewhere/web/reachable/esmtpd.crt -outform DER
I named my certs *.crt because my system already had a type setup for crt in /etc/mime.types that defined it as application/x-x509-ca-cert content. So then I just had to point the khtml based web browser to the two files. Each one popped up a ‘download’ dialog, which when complete offered the option to accept the cert for use and a tag for the certificate.
And that’s it, my email now seems to flow freely just about all the time. A few more trips back and forth across access point boundaries should establish how well it works. But so far it’s looking pretty good.
