Re: Connecting PDA/Phone to Web Services using SSL?

Nick,

The only other thing that comes to mind is can you ping the server? Maybe someone else will have suggestions too.

--
Ginny


"DevDude" <icq69@xxxxxxxxx> wrote in message news:45d3f137$0$4919$4c368faf@xxxxxxxxxxxxxxxxx
Yes I did. I even used the SslChainSaver tool that Scott( from the Windows Mobile Team Blog ) recommended to verify that there were not any intermediate certs required. I ran that tool this morning and it say that only the root cert was required. Intermediate certs are included in the chain. So, to be safe, I took the output .cer files and moved them to the device to be sure, and still no go, same error. IE will connect fine to the web service without any certificate warnings, but my application refuses to make a successful connection to the web service using SSL.

I'm open to suggestions. Any other idea I can/should try? I have a customer who would like to use my application, but they require it to use SSL for the connection.

My configuration is simple. Its a Windows 2003 SP1 server running IIS. There is a virtual directory hosting the web serivce under IIS. This server is in a Windows 2003 AD domain with Certificate Services installed on the DC. It has the root cert and my IIS server has its own cert assigned to it by the CA on the DC. The CA root cert has been copied over to the emulator. IE will make a successful connection from the emulator without any cert warnings, but everytime I try to make the connection using the logic below, I get the error "Can not read data from the transport connection", inner exception "The remote certificate failed the validation procedure".

One of the posters in the Smart Device forums said that x509 certificates were not supported. But it seems like I'm trying to do the same thing that Exchange is already doing(tons of docs on how to configure that). It would seem that it should work. Am I chasing my tail? Shouldnt this work? If you say I need ISA Server I am going to java! :)

Thanks in advance,
Nick

"Ginny Caughey [MVP]" <ginny.caughey.online@xxxxxxxxxxxxxx> wrote in message news:AEF7F16D-5D3C-42E7-9C62-722BBFA91E0D@xxxxxxxxxxxxxxxx
DevDude,

Did you copy the certificate to your device and install it?

--
Ginny


"DevDude" <icq69@xxxxxxxxx> wrote in message news:45d31175$0$9435$4c368faf@xxxxxxxxxxxxxxxxx
I am using the following code to make a connection to a remote web service running on my windows 2003 server. The server is in a domain using Certificate Services. I have assigned a certificate to the default web site and configured it. I can connect to the web service using IE, but when trying to make a web connection via my application, I get various errors. I can't seem to make it work. Here is a similar example to my code:

service.Url = @"https://"; + Server + @"/WebService1/WebService1.asmx";
System.Net.NetworkCredential NC = new NetworkCredential();
ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();
NC.UserName = username;
NC.Password = password;
NC.Domain = domain;
service.Credentials = NC;

try
{
if (service.IsConnected())
{
return true;
}
else
{
return false;
}
}
catch(Exception except)
{
MessageBox.Show(except.Message);
}

return false;

When I am not using https, things connect fine. When I use https, I get "Unable to read data from the network connection", inner exception is "the remote certificate failed validation procedure".

Is there something I'm doing wrong, or is this simply not supported with Windows Mobile?

I can't seem to find any clear answers out there. I have added the root certificate to my mobile device store and it doesnt change the error returned. Can anyone tell me how to make it work securly? I need to pass admin credentials around with other various sensitive data and I need a secure connection from the mobile device. Microsoft is doing it with Outlook, so you would think it should work.

Thanks in advance,

Nick






.

Relevant Pages

  • Re: Configuring SBS2003 for OWA and RWW
    ... And make sure certificate will not be ... On the Connection Type page, click Broadband, and then click Next. ... next to Preferred DNS server and next to ... If you are using ISA, please go to ISA management console, and navigate ...
    (microsoft.public.windows.server.sbs)
  • Re: winsock + Schannel => Expired Intermediate Cert
    ... the TLS handshake can be found in the certificate store referenced by ... cert chain to the client instead of just the server's cert. ... CA cert stored locally in order to trust a given server cert. ... to create an SSL connection to a well known server. ...
    (microsoft.public.platformsdk.security)
  • Re: Web Certificate for IIS Server on SBS Domain
    ... Before your reply, I actually ran across rapidssl myself, and have ordered and installed the free 30-day certificate on my site. ... I explained what you'd told me about putting my existing configuration at risk by installing Cert Services, and he said he didn't know that. ... Again, if you're just needing a cert to install on your web server to provide SSL connectivity for remote users, go with an external third-party provider. ... When you add Certificate Services on an internal network, lots of internal communications will start using pieces provided by the Cert Server instead of the defaults from Server 2003, and when things blow up, they can blow up gloriously. ...
    (microsoft.public.windows.server.sbs)
  • Re: Activesync between Windows Mobile 5 and SBS2003 gives error
    ... If you don't find a cert here that matches the URL for OWA, you need to re-run the CEICW wizard on the SBS box and re-create the self signed cert. ... I exported the certificate straight from the server. ... Treo 700wx running Windows Mobile 5. ...
    (microsoft.public.windows.server.sbs)
  • Re: Terminal Services over a VPN
    ... Create a certificate request and submit it to godaddy in order to obtain a public cert. ... You can use the wizard in IIS Manager for this by creating a new website that matches the above name (on your TS server), right-click and choose properties, directory security tab, server certificate button. ... After the install you can stop or delete the website created above since you don't need it for anything. ...
    (microsoft.public.windows.terminal_services)