Re: SSL/https not working
From: K. S. Huang (ks_huang_at_alphanetworks.com.remove.this)
Date: 06/11/04
- Next message: Paul G. Tobey [eMVP]: "Re: How to get the WM_KEYDOWN in Input Method ?"
- Previous message: John Spaith [MS]: "Re: SSL/https not working"
- In reply to: John Spaith [MS]: "Re: SSL/https not working"
- Next in thread: John Spaith [MS]: "Re: SSL/https not working"
- Reply: John Spaith [MS]: "Re: SSL/https not working"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 11 Jun 2004 23:35:55 +0800
So will the formal procedure for HL device including in 5.0??
We want to build a Gateway device that the configuration Web pages need to
be SSL enabled!
"John Spaith [MS]" <jspaith@ONLINE.microsoft.com> ¼¶¼g©ó¶l¥ó·s»D
:OlbpnPxTEHA.3404@TK2MSFTNGP10.phx.gbl...
> You also need to install a server certificate for the CE Web Server and
tell
> the web server to use that certificate. Here are instructions that will
> work if your device has a UI and control panel. We're looking right now
at
> how to get SSL certs on headless devices in a relatively easy fashion.
This
> can be a very hard problem because you want the certificate subject name
to
> be the same as the machine itself. If a user changes the machine name
then
> you'd have to get a new cert, for example.
>
> HOW TO SETUP SERVER CERTIFICATE FOR WINCE WEB SERVER/SSL ON A DISPLAY
BASED
> DEVICE
> Stage I - Getting the certificate
> (1) Open http://
> Windows 2000 or Windows 2003 that will create the certificate for you.
> You're on your own to figure out how to install this. Non Windows Cert
> Servers will also work I'm sure, but the setup will obviously be
different.)
> (2) Select "Request a Certificate"
> (3) Select "advanced certificate request."
> (4) Select "Create and submit a request to this CA. "
> (5) Fill in identifying information. "Name" should be the name of the
> machine you're requesting cert for
> (6) In "Type of Certificate Needed", select "Server Authentication
> Certificate"
> (7) Under "Key Options", select "Mark keys as exportable" and also "Export
> keys to file". Enter a file on your harddrive when this appears
> (8) Select "Submit"
> (9) Acknowledge all the security warnings that appear. Enter a password
for
> the private key once it comes up.
> (10) On new page, select "Download the certificate" and save it to your
hard
> drive.
>
> You now have on your hardrive 2 files. One is the certificate (.cer) and
> the other the private key (.pvk)
>
>
> Stage II - Install the certificate on the WinCE device (Display based
> devices)
> (1) Copy the 2 files from stage (I) to your device
> (2) In the Control Panel, select "Certificates".
> (3) Select the "My Certificate" store
> (4) Select Import. When dialog box comes up, select "From a file".
Select
> the .cer file and import it.
> After completing this, you will see the certificate subject name in the
list
> of certs in "My Certificate" store.
> (5) Select Import and again "from a file". Change the file type from
> Certificates to "Private Keys". Select the .pvk that you created in
Stage
> I. Enter the password you created for it when prompted.
>
> Now the certificate is registered
>
> III - Get Web Server to know it should use this certificate
> (1) Add the following registry (it's OK to have this burned into the
image)
> [HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
> "IsEnabled"=dword:1
> "CertificateSubject"="<certificate subject name from previous Stages>"
>
> (2) You must refresh the web server to have it re-read the certificate
> information. Even if the proper settings were burned into ROM, you must
> still do the refresh after installing the certificate. You can do this
via
> 'services refresh HTP0:"
>
> --
> John Spaith
> Software Design Engineer, Windows CE
> Microsoft Corporation
>
> Have an opinion on the effectiveness of Microsoft Embedded newsgroups?
Let
> us know!
> https://www.windowsembeddedeval.com/community/newsgroups
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> You assume all risk for your use. ?2003 Microsoft Corporation. All rights
> reserved.
>
> "Dante" <anonymous@discussions.microsoft.com> wrote in message
> news:01853E1D-D160-4E82-A4F7-EC6F679B0CE8@microsoft.com...
> > From my device, when i go to a secure website (https://theaddress.com)
> from internet explorer, it says page cannot be displayed. If i go to any
non
> secure site (http://theaddress.com) it works fine. So what do i need to
add
> to platform builder to get SSL to work?
> >
> > I already added "Schannel(SSL/TLS)" from platform builders catalog and
i
> am using iesample.exe for internet explorer. And if i go to internet
options
> from internet explorer, i see that SSL 2.0 and SSL 3.0 are both checked. I
> am using platform builder 4.2.
>
>
- Next message: Paul G. Tobey [eMVP]: "Re: How to get the WM_KEYDOWN in Input Method ?"
- Previous message: John Spaith [MS]: "Re: SSL/https not working"
- In reply to: John Spaith [MS]: "Re: SSL/https not working"
- Next in thread: John Spaith [MS]: "Re: SSL/https not working"
- Reply: John Spaith [MS]: "Re: SSL/https not working"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
|
