Some time during the last month remote access stopped working with error:
“Unable to execute command. Please check your settings.”
I’m using Samsung Vibrant with JI6 Tmobile patch. Local access still works fine.
Short investigation revealed the following:
On October 24th 2010, MCV updated their ra2.findvera.com website certificate
(judging by the issue date of the new one).
The new certificate is signed with new StartCom CA cert that my Vibrant doesn’t
have in the list of trusted root certs (I use standard Vibrant image with root, but
no other changes).
To verify if your Android has the same problem, open the following link in Android browser:
https://ra2.findvera.com////data_request?output_format=json&id=user_data2
(substitute and for your credentials). If an untrusted cert warning comes up –
you have the same issue and Home Buddy will probably not work on your phone.
So the fix is to add new StartCom CA to your Android. You will need root access for this.
This link describes the process of adding new root cert very well:
http://wiki.cacert.org/ImportRootCert#Android_Phones
The only change is the cert you’ll be adding. Instead of their root.crt you’ll need StartCom’s:
- in Firefox, go to Tools->Options->Advanced->Encryption->View Certificates->Authorities
- scroll down to StartCom Ltd.
- you’ll only need their root cert, called “StartCom Certification Authority”
- click on it and Export to file “StartComCertificationAuthority.crt”
- this is the file you’ll use instead of root.crt in the above instructions
- SHA1 fingerprint of this cert is 3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F
- your insert command per above instructions should look something like:
keytool -keystore cacerts.bks -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass changeit -importcert -trustcacerts -alias StartCom -file StartComCertificationAuthority.crt
- continue with the above instructions onto pushing modified cacerts.bks back to your phone.
- reboot the phone. Opening ra2 link above in the browser should not give a warning anymore
and Home Buddy should work as well.
Note for the Home Buddy developer:
I’m not familiar with Android APIs, but I’d be surprised if they didn’t allow specifying custom
set of root certificates when an application opens SSL connection using their security framework.
If so, then you should simply include StartComCertificationAuthority.crt with your app and use
it when opening the connection.
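An added example, not part of the original post: a check that the exported StartComCertificationAuthority.crt carries the SHA1 fingerprint quoted in the steps above before it is imported into cacerts.bks. The function names are assumptions, and SAMPLE_PEM is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re
import sys

# SHA1 fingerprint the post gives for "StartCom Certification Authority".
EXPECTED_SHA1 = "3E:2B:F7:F2:03:1B:96:F3:8C:E6:C4:D8:A8:5D:3E:2D:58:47:6A:0F"
# Constructed stand-in (payload is just b"abc"), used when no file is given.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)


def cert_der(data: bytes) -> bytes:
    """Return the DER bytes of an exported cert, whether the file is PEM or DER."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("more than one certificate in file; export only the root")
    if blocks:
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    return data  # no PEM armour: treat the file as raw DER


def sha1_fingerprint(data: bytes) -> str:
    """SHA1 over the DER encoding, formatted as colon-separated upper-case hex."""
    digest = hashlib.sha1(cert_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Drop separators and case so differently formatted copies compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", fp).upper()


def matches_expected(data: bytes, expected: str = EXPECTED_SHA1) -> bool:
    """True only if the file's fingerprint equals the expected one."""
    return normalize(sha1_fingerprint(data)) == normalize(expected)


if __name__ == "__main__":
    # Pass the exported .crt as the first argument; without one the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PEM
    print("SHA1:", sha1_fingerprint(data))
    print("matches post" if matches_expected(data) else "MISMATCH: do not import")
```

A mismatch means the exported file is not the root the post describes, so it should not be added to the trust store.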