Windows Mobile + https + clientcertificates?

Hi all,

I am trying to write an application which communicates with a webservice via SOAP, from a Windows Mobile 6 device.

The web server is configured to use SSL and client certificates for authentication. Additionally, the server certificate on the test server is self-signed (the live server is not), and so the client application needs to be able to ignore server certificate errors (non trusted CA), and also supply the correct client certificate.

I have written applications under Windows XP which are able to cope with this, but as yet have been unable to port them over to the WM6 device. I have so far tried two approaches:

- C# using a proxy class created from the .wsdl. When running from the Windows XP environment, I had to set the ClientCertificates member, and also an ICertificatePolicy to ignore the certificate errors on the test server. I am unable to do either of these things in the .NET Compact Framework.

- C++, using msxml's IXMLHTTPRequest object to submit the request. Under XP I was able to use IServerXMLHTTPRequest and use setOption to set both the client certificate, and the server certificate error handling options, but since this interface doesnt exist in the WM6 implementation of msxml this seems a dead end too. When using IXMLHTTPRequest, unlike under XP, the client prompts for the certificate from the local store, but I still get an error (status 0 for some reason, and no response data), which I assume is because of the self-signed server certificate? Also, it wouldnt really be acceptable to prompt the user each time for the certificate, so I would want to do this programatically.

It seems like this should be possible as IE is able to connect once I have supplied the client certificate - so am I simply missing the right interface? Does anyone have any suggestions on how I can get this to work?

Does nobody else out there use client certificates in a mobile environment? I expected the security aspects to be even more important in a mobile environment, so am surprised that this seems to be unsupported functionality.

TIA

Anthony

.

Relevant Pages

  • Re: Exchange in iPod touch with SBS 2003 R2
    ... I am planning to by a new mobile phone and I was thinking on have a iphone ... I think I may be missing something at the server end. ... The certificate I think is the issue. ...
    (microsoft.public.windows.server.sbs)
  • Strange IIS 5 problem with client certificates
    ... We are having a strange IIS 5.0 problem involving client certificates. ... We have a system with a central server running Win2K and IIS 5.0, ... HTTPS, authenticate themselves via client certificate, and then POST data to ...
    (microsoft.public.inetserver.iis.security)
  • RPC over HTTP, Microsoft solution
    ... Exchange Server 2003 RPC over HTTP Deployment Scenarios ... Place a check in the box next to 'Certificate Services' and click 'Yes' ...
    (microsoft.public.exchange.setup)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: Exchange Activesync and Internal / External Domain on SBS 2003
    ... Cert A- for "publishing.internal.local" ... Then open the ISA Server manager and open the web publishing rule ... You should install certificate B on the publishing rule on the ISA ... A good tip for troubleshooting ActiveSync issues is opening up Mobile ...
    (microsoft.public.windows.server.sbs)
Quantcast