Re: CE 5.0 Web Server SSL issue
- From: "Paul G. Tobey [eMVP]" <p space tobey no spam AT no instrument no spam DOT com>
- Date: Tue, 23 Oct 2007 13:31:07 -0700
You might set MasterKeysInRegistry, which you can find in the help, to cause
various things that would normally be stored in the object store, which may
not be persistent through your cold boot, to be saved in the registry
instead (of course, you have to flush that).
Paul T.
"Tom" <kuhnto@xxxxxxxxx> wrote in message
news:1193170797.256100.29960@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Here is a step by step of what I am testing.
Source code and certs are at http://spilledwhine.com/code for anyone
who would love to join in in the hunt for the problem.
Here we go:
1. Flash New image
2. Format FLash
3. Cold Reboot
4. Set Date
5. Set IP
6. Cold Boot
7. Copy web files to \windows\www
8. Check current-httpd.log
Wed, 14 Nov 2007 09:06:30 The web server is starting up.
9. Hot http web page, and get to our connection page
10. Run certtest in debug through VS2005 (If you try this, I am
testing with the JWARN Server Cert-Test.pfx... You will need to change
the source.)
10a. (code)Finds Subject and issuer of certificate
10b. (code)Sets httpd\sslcertificatesubject to proper subject
10c. (code)Stores the cert
10d. (code)Only iterates once through while ((hContext =
CertEnumCertificatesInStore(hTempCertStore, hContext)) != 0) - It
should iterate more than once I would think, as the root CA should be
in there.
10e. (code)enable SSL in ("Comm\\HTTPD\\SSL\\", "IsEnabled", 1)
10f. (code)Flush all registries
10g. (code)App finishes
11. Check registry in Remote registry editor
HKCU\COMM\SystemCertificates\MY has one cert
HKLM\COMM\SystemCertificates\MY has one cert
HKLM\COMM\SystemCertificates\ROOT has 11 certs So no root got added.
I thought the PFX had a Root DoD cert in it.
12. Check the current-httpd.log
Wed, 14 Nov 2007 09:06:30 The web server is starting up.
Wed, 14 Nov 2007 09:12:42 137.51.25.53 GET /CheckMode.asp 302
Wed, 14 Nov 2007 09:23:01 The web server has begun shutdown sequence.
Wed, 14 Nov 2007 09:23:01 The web server has completed shutdown
sequence.
Wed, 14 Nov 2007 09:23:01 The web server is starting up.
13. Hit the HTTP site, and get my connection site.
14. Hit the HTTPS site - and it works! I get offered the cert like I
am supposed to (Please understand that I am typing this as I go
through testing. It usually does not work here?!?! But it is... I am
really confused)
15. Ok, well lets try a cold boot, nothing will get past that...
Unplugging.... Plugging in... Booting...
16. Check date... OK
17. Check current-httpd.log
Wed, 14 Nov 2007 09:36:17 The web server is starting up.
Wed, 14 Nov 2007 09:36:19 The web server cannot initialize SSL, no SSL
actions will be performed. Error code = 0x8009030d
Well, it seems that it is not working past the cold boot.
18. Check registry
HKCU\COMM\SystemCertificates\MY has one cert
HKLM\COMM\SystemCertificates\MY has one cert
HKLM\COMM\SystemCertificates\ROOT has 11 certs
HKLM\COMM\SSL\Certificatesubject - JWARN Server Cert-Test
HKLM\COMM\SSL\isenabled- 1
Nothing seems to have changed that I can see in the registry.
19. Hit the HTTP site - nothing
20. Hit the HTTPS site - Nothing
Anyone out there got any more ideas?
Tom
.
- Follow-Ups:
- Re: CE 5.0 Web Server SSL issue
- From: Tom
- Re: CE 5.0 Web Server SSL issue
- References:
- CE 5.0 Web Server SSL issue
- From: Tom
- Re: CE 5.0 Web Server SSL issue
- From: Tom
- Re: CE 5.0 Web Server SSL issue
- From: Tom
- CE 5.0 Web Server SSL issue
- Prev by Date: Re: CE 5.0 Web Server SSL issue
- Next by Date: Data Abort while booting using XIP on Wince6.0
- Previous by thread: Re: CE 5.0 Web Server SSL issue
- Next by thread: Re: CE 5.0 Web Server SSL issue
- Index(es):
Relevant Pages
|
