Re: Connecting PDA/Phone to Web Services using SSL?



Yes I did. I even used the SslChainSaver tool that Scott (from the Windows
Mobile Team Blog) recommended to verify that there were not any
intermediate certs required. I ran that tool this morning and it says that
only the root cert was required. Intermediate certs are included in the
chain. So, to be safe, I took the output .cer files and moved them to the
device to be sure, and still no go, same error. IE will connect fine to the
web service without any certificate warnings, but my application refuses to
make a successful connection to the web service using SSL.

I'm open to suggestions. Any other idea I can/should try? I have a customer
who would like to use my application, but they require it to use SSL for the
connection.

My configuration is simple. It's a Windows 2003 SP1 server running IIS. There
is a virtual directory hosting the web service under IIS. This server is in
a Windows 2003 AD domain with Certificate Services installed on the DC. It
has the root cert and my IIS server has its own cert assigned to it by the
CA on the DC. The CA root cert has been copied over to the emulator. IE will
make a successful connection from the emulator without any cert warnings,
but every time I try to make the connection using the logic below, I get the
error "Can not read data from the transport connection", inner exception
"The remote certificate failed the validation procedure".

One of the posters in the Smart Device forums said that x509 certificates
were not supported. But it seems like I'm trying to do the same thing that
Exchange is already doing (tons of docs on how to configure that). It would
seem that it should work. Am I chasing my tail? Shouldn't this work? If you
say I need ISA Server I am going to Java! :)

Thanks in advance,
Nick

"Ginny Caughey [MVP]" <ginny.caughey.online@xxxxxxxxxxxxxx> wrote in message
news:AEF7F16D-5D3C-42E7-9C62-722BBFA91E0D@xxxxxxxxxxxxxxxx
DevDude,

Did you copy the certificate to your device and install it?

--
Ginny


"DevDude" <icq69@xxxxxxxxx> wrote in message
news:45d31175$0$9435$4c368faf@xxxxxxxxxxxxxxxxx
I am using the following code to make a connection to a remote web service
running on my Windows 2003 server. The server is in a domain using
Certificate Services. I have assigned a certificate to the default web
site and configured it. I can connect to the web service using IE, but
when trying to make a web connection via my application, I get various
errors. I can't seem to make it work. Here is a similar example to my
code:

    service.Url = @"https://" + Server + @"/WebService1/WebService1.asmx";
    System.Net.NetworkCredential NC = new NetworkCredential();
    // TrustAllCertificatePolicy is not shown in the post.
    ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
    NC.UserName = username;
    NC.Password = password;
    NC.Domain = domain;
    service.Credentials = NC;

    try
    {
        if (service.IsConnected())
        {
            return true;
        }
        else
        {
            return false;
        }
    }
    catch(Exception except)
    {
        MessageBox.Show(except.Message);
    }

    return false;

When I am not using https, things connect fine. When I use https, I get
"Unable to read data from the network connection", inner exception is
"the remote certificate failed validation procedure".

Is there something I'm doing wrong, or is this simply not supported with
Windows Mobile?

I can't seem to find any clear answers out there. I have added the root
certificate to my mobile device store and it doesn't change the error
returned. Can anyone tell me how to make it work securely? I need to pass
admin credentials around with other various sensitive data and I need a
secure connection from the mobile device. Microsoft is doing it with
Outlook, so you would think it should work.

Thanks in advance,

Nick
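
Added example, not part of the thread or of any poster's code: a certificate policy that can stand in for a trust-all policy, recording the validation problem code behind "the remote certificate failed the validation procedure" and accepting a failing certificate only when it is the one pinned server certificate. The class name, the pinned-hash placeholder and the assumption that the device reports the standard CryptoAPI trust error codes and supports GetCertHashString are illustrative, not taken from the posts.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the thread). Replaces a trust-all policy with one
// that records why validation failed and accepts only a pinned certificate.
public class PinnedCertificatePolicy : ICertificatePolicy
{
    private readonly string pinnedSha1;   // hex SHA-1 hash of the IIS server cert
    public int LastProblem;               // last certificateProblem code seen

    public PinnedCertificatePolicy(string pinnedSha1Hex)
    {
        pinnedSha1 = pinnedSha1Hex.Replace(" ", "").ToUpper();
    }

    public bool CheckValidationResult(ServicePoint srvPoint,
        X509Certificate certificate, WebRequest request, int certificateProblem)
    {
        LastProblem = certificateProblem;
        if (certificateProblem == 0)
            return true;                  // platform validation succeeded
        // Validation failed: accept only the exact certificate we expect.
        return certificate != null
            && certificate.GetCertHashString() == pinnedSha1;
    }

    // Maps common CryptoAPI trust errors to text for logging (assumed codes).
    public static string Describe(int problem)
    {
        switch (unchecked((uint)problem))
        {
            case 0: return "OK";
            case 0x800B0101: return "CERT_E_EXPIRED: certificate outside validity period";
            case 0x800B0109: return "CERT_E_UNTRUSTEDROOT: root CA not trusted on device";
            case 0x800B010A: return "CERT_E_CHAINING: chain could not be built";
            case 0x800B010F: return "CERT_E_CN_NO_MATCH: host name differs from certificate name";
            default: return "0x" + problem.ToString("X8");
        }
    }
}

// Usage (the hash is a placeholder, not a real value):
//   PinnedCertificatePolicy policy = new PinnedCertificatePolicy("<SHA1-OF-SERVER-CERT>");
//   ServicePointManager.CertificatePolicy = policy;
//   ... call the service; on failure:
//   MessageBox.Show(PinnedCertificatePolicy.Describe(policy.LastProblem));
```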




