Re: SSL/https not working

From: John Spaith [MS] (jspaith_at_ONLINE.microsoft.com)
Date: 06/11/04 

Date: Fri, 11 Jun 2004 08:29:24 -0700

D'oh -sorry about that. Someone on another thread posted the question I
answer and I assumed that was what you were asking too. 

-- 
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Have an opinion on the effectiveness of Microsoft Embedded newsgroups?  Let
us know!
https://www.windowsembeddedeval.com/community/newsgroups
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"Dante" <Dante@discussions.microsoft.com> wrote in message
news:1D184C38-4207-4F45-9597-60CC228ACF73@microsoft.com...
> I'm not trying to get a CE Web server with SSL. I'm trying to access a
secure website from my device on a typical web server, like
https://paypal.com for example.
>
> "John Spaith [MS]" wrote:
>
> > You also need to install a server certificate for the CE Web Server and
tell
> > the web server to use that certificate.  Here are instructions that will
> > work if your device has a UI and control panel.  We're looking right now
at
> > how to get SSL certs on headless devices in a relatively easy fashion.
This
> > can be a very hard problem because you want the certificate subject name
to
> > be the same as the machine itself.  If a user changes the machine name
then
> > you'd have to get a new cert, for example.
> >
> > HOW TO SETUP SERVER CERTIFICATE FOR WINCE WEB SERVER/SSL ON A DISPLAY
BASED
> > DEVICE
> > Stage I - Getting the certificate
> > (1) Open http:// Server>/certsrv/ (This is a cert server running
> > Windows 2000 or Windows 2003 that will create the certificate for you.
> > You're on your own to figure out how to install this.  Non Windows Cert
> > Servers will also work I'm sure, but the setup will obviously be
different.)
> > (2) Select "Request a Certificate"
> > (3) Select "advanced certificate request."
> > (4) Select "Create and submit a request to this CA. "
> > (5) Fill in identifying information.  "Name" should be the name of the
> > machine you're requesting cert for
> > (6) In "Type of Certificate Needed", select "Server Authentication
> > Certificate"
> > (7) Under "Key Options", select "Mark keys as exportable" and also
"Export
> > keys to file".  Enter a file on your harddrive when this appears
> > (8) Select "Submit"
> > (9) Acknowledge all the security warnings that appear.  Enter a password
for
> > the private key once it comes up.
> > (10) On new page, select "Download the certificate" and save it to your
hard
> > drive.
> >
> > You now have on your hardrive 2 files.  One is the certificate (.cer)
and
> > the other the private key (.pvk)
> >
> >
> > Stage II - Install the certificate on the WinCE device (Display based
> > devices)
> > (1) Copy the 2 files from stage (I) to your device
> > (2) In the Control Panel, select "Certificates".
> > (3) Select the "My Certificate" store
> > (4) Select Import.  When dialog box comes up, select "From a file".
Select
> > the .cer file and import it.
> > After completing this, you will see the certificate subject name in the
list
> > of certs in "My Certificate" store.
> > (5) Select Import and again "from a file".  Change the file type from
> > Certificates to "Private Keys".  Select  the .pvk that you created in
Stage
> > I.  Enter the password you created for it when prompted.
> >
> > Now the certificate is registered
> >
> > III - Get Web Server to know it should use this certificate
> > (1) Add the following registry (it's OK to have this burned into the
image)
> > [HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
> > "IsEnabled"=dword:1
> > "CertificateSubject"="<certificate subject name from previous Stages>"
> >
> > (2) You must refresh the web server to have it re-read the certificate
> > information.  Even if the proper settings were burned into ROM, you must
> > still do the refresh after installing the certificate.  You can do this
via
> > 'services refresh HTP0:"
> >
> > -- 
> > John Spaith
> > Software Design Engineer, Windows CE
> > Microsoft Corporation
> >
> > Have an opinion on the effectiveness of Microsoft Embedded newsgroups?
Let
> > us know!
> > https://www.windowsembeddedeval.com/community/newsgroups
> >
> > This posting is provided "AS IS" with no warranties, and confers no
rights.
> > You assume all risk for your use. © 2003 Microsoft Corporation. All
rights
> > reserved.
> >
> > "Dante" <anonymous@discussions.microsoft.com> wrote in message
> > news:01853E1D-D160-4E82-A4F7-EC6F679B0CE8@microsoft.com...
> > > From my device, when i go to a secure website (https://theaddress.com)
> > from internet explorer, it says page cannot be displayed. If i go to any
non
> > secure site (http://theaddress.com) it works fine. So what do i need to
add
> > to platform builder to get SSL to work?
> > >
> > >  I already added "Schannel(SSL/TLS)" from platform builders catalog
and i
> > am using iesample.exe for internet explorer. And if i go to internet
options
> > from internet explorer, i see that SSL 2.0 and SSL 3.0 are both checked.
I
> > am using platform builder 4.2.
> >
> >
> >

Relevant Pages

  • Re: Issues with SSL on Win CE 5.0
    ... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ...
    (microsoft.public.windowsce.embedded)
  • Re: Issues with SSL on Win CE 5.0
    ... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ...
    (microsoft.public.windowsce.embedded)
  • RE: http://companyweb /remote /backup /Monitoring HELP
    ... entire Web site from the Internet" is selected. ... On the "Web Server Certificate" page, choose to create a new Web server ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Issues with SSL on Win CE 5.0
    ... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ...
    (microsoft.public.windowsce.embedded)
  • Re: Issues with SSL on Win CE 5.0
    ... the HKCU certificate store. ... and tell the web server to use it. ... The old cert was in. ...
    (microsoft.public.windowsce.embedded)