Re: SSL/https not working
From: Dante (Dante_at_discussions.microsoft.com)
Date: 06/11/04
- Next message: hxiaow: "RE: bluetooth question"
- Previous message: Rick: "Re: WINCE .NET 4.2/Accelent"
- In reply to: John Spaith [MS]: "Re: SSL/https not working"
- Next in thread: John Spaith [MS]: "Re: SSL/https not working"
- Reply: John Spaith [MS]: "Re: SSL/https not working"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 11 Jun 2004 08:24:01 -0700
I'm not trying to get a CE Web server with SSL. I'm trying to access a secure website from my device on a typical web server, like https://paypal.com for example.
"John Spaith [MS]" wrote:
> You also need to install a server certificate for the CE Web Server and tell
> the web server to use that certificate. Here are instructions that will
> work if your device has a UI and control panel. We're looking right now at
> how to get SSL certs on headless devices in a relatively easy fashion. This
> can be a very hard problem because you want the certificate subject name to
> be the same as the machine itself. If a user changes the machine name then
> you'd have to get a new cert, for example.
>
> HOW TO SETUP SERVER CERTIFICATE FOR WINCE WEB SERVER/SSL ON A DISPLAY BASED
> DEVICE
> Stage I - Getting the certificate
> (1) Open http://
> Windows 2000 or Windows 2003 that will create the certificate for you.
> You're on your own to figure out how to install this. Non Windows Cert
> Servers will also work I'm sure, but the setup will obviously be different.)
> (2) Select "Request a Certificate"
> (3) Select "advanced certificate request."
> (4) Select "Create and submit a request to this CA. "
> (5) Fill in identifying information. "Name" should be the name of the
> machine you're requesting cert for
> (6) In "Type of Certificate Needed", select "Server Authentication
> Certificate"
> (7) Under "Key Options", select "Mark keys as exportable" and also "Export
> keys to file". Enter a file on your harddrive when this appears
> (8) Select "Submit"
> (9) Acknowledge all the security warnings that appear. Enter a password for
> the private key once it comes up.
> (10) On new page, select "Download the certificate" and save it to your hard
> drive.
>
> You now have on your hardrive 2 files. One is the certificate (.cer) and
> the other the private key (.pvk)
>
>
> Stage II - Install the certificate on the WinCE device (Display based
> devices)
> (1) Copy the 2 files from stage (I) to your device
> (2) In the Control Panel, select "Certificates".
> (3) Select the "My Certificate" store
> (4) Select Import. When dialog box comes up, select "From a file". Select
> the .cer file and import it.
> After completing this, you will see the certificate subject name in the list
> of certs in "My Certificate" store.
> (5) Select Import and again "from a file". Change the file type from
> Certificates to "Private Keys". Select the .pvk that you created in Stage
> I. Enter the password you created for it when prompted.
>
> Now the certificate is registered
>
> III - Get Web Server to know it should use this certificate
> (1) Add the following registry (it's OK to have this burned into the image)
> [HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
> "IsEnabled"=dword:1
> "CertificateSubject"="<certificate subject name from previous Stages>"
>
> (2) You must refresh the web server to have it re-read the certificate
> information. Even if the proper settings were burned into ROM, you must
> still do the refresh after installing the certificate. You can do this via
> 'services refresh HTP0:"
>
> --
> John Spaith
> Software Design Engineer, Windows CE
> Microsoft Corporation
>
> Have an opinion on the effectiveness of Microsoft Embedded newsgroups? Let
> us know!
> https://www.windowsembeddedeval.com/community/newsgroups
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> You assume all risk for your use. © 2003 Microsoft Corporation. All rights
> reserved.
>
> "Dante" <anonymous@discussions.microsoft.com> wrote in message
> news:01853E1D-D160-4E82-A4F7-EC6F679B0CE8@microsoft.com...
> > From my device, when i go to a secure website (https://theaddress.com)
> from internet explorer, it says page cannot be displayed. If i go to any non
> secure site (http://theaddress.com) it works fine. So what do i need to add
> to platform builder to get SSL to work?
> >
> > I already added "Schannel(SSL/TLS)" from platform builders catalog and i
> am using iesample.exe for internet explorer. And if i go to internet options
> from internet explorer, i see that SSL 2.0 and SSL 3.0 are both checked. I
> am using platform builder 4.2.
>
>
>
- Next message: hxiaow: "RE: bluetooth question"
- Previous message: Rick: "Re: WINCE .NET 4.2/Accelent"
- In reply to: John Spaith [MS]: "Re: SSL/https not working"
- Next in thread: John Spaith [MS]: "Re: SSL/https not working"
- Reply: John Spaith [MS]: "Re: SSL/https not working"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
