Re: SSL/https not working

From: John Spaith [MS] (jspaith_at_ONLINE.microsoft.com)
Date: 06/14/04


Date: Mon, 14 Jun 2004 09:59:58 -0700

We're currently trying to get a good story/template for headless WinCE
devices. There's a thread somewhat related to this on
microsoft.public.win32.programmer.wince, "SSL On Web Server" created by
Hadim.

The CoreOS has all the existing APIs and utilities to make this work today.
The issue is for MS to get something pretty close to a solution to this
problem that you guys can copy/paste/modify to get everything going.

-- 
John Spaith
Software Design Engineer, Windows CE
Microsoft Corporation
Have an opinion on the effectiveness of Microsoft Embedded newsgroups?  Let
us know!
https://www.windowsembeddedeval.com/community/newsgroups
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2003 Microsoft Corporation. All rights
reserved.
"K. S. Huang" <ks_huang@alphanetworks.com.remove.this> wrote in message
news:uIec$l8TEHA.1048@tk2msftngp13.phx.gbl...
> So will the formal procedure for HL devices be included in 5.0??
> We want to build a Gateway device that the configuration Web pages need to
> be SSL enabled!
>
> "John Spaith [MS]" <jspaith@ONLINE.microsoft.com> wrote in message
> news:OlbpnPxTEHA.3404@TK2MSFTNGP10.phx.gbl...
> > You also need to install a server certificate for the CE Web Server and
> > tell the web server to use that certificate.  Here are instructions that
> > will work if your device has a UI and control panel.  We're looking right
> > now at how to get SSL certs on headless devices in a relatively easy
> > fashion.  This can be a very hard problem because you want the certificate
> > subject name to be the same as the machine itself.  If a user changes the
> > machine name then you'd have to get a new cert, for example.
> >
> > HOW TO SETUP SERVER CERTIFICATE FOR WINCE WEB SERVER/SSL ON A DISPLAY
> > BASED DEVICE
> > Stage I - Getting the certificate
> > (1) Open http:// Server>/certsrv/ (This is a cert server running
> > Windows 2000 or Windows 2003 that will create the certificate for you.
> > You're on your own to figure out how to install this.  Non Windows Cert
> > Servers will also work I'm sure, but the setup will obviously be
> > different.)
> > (2) Select "Request a Certificate"
> > (3) Select "advanced certificate request."
> > (4) Select "Create and submit a request to this CA."
> > (5) Fill in identifying information.  "Name" should be the name of the
> > machine you're requesting cert for
> > (6) In "Type of Certificate Needed", select "Server Authentication
> > Certificate"
> > (7) Under "Key Options", select "Mark keys as exportable" and also
> > "Export keys to file".  Enter a file on your hard drive when this appears
> > (8) Select "Submit"
> > (9) Acknowledge all the security warnings that appear.  Enter a password
> > for the private key once it comes up.
> > (10) On new page, select "Download the certificate" and save it to your
> > hard drive.
> >
> > You now have on your hard drive 2 files.  One is the certificate (.cer)
> > and the other the private key (.pvk)
> >
> >
> > Stage II - Install the certificate on the WinCE device (Display based
> > devices)
> > (1) Copy the 2 files from stage (I) to your device
> > (2) In the Control Panel, select "Certificates".
> > (3) Select the "My Certificate" store
> > (4) Select Import.  When dialog box comes up, select "From a file".
> > Select the .cer file and import it.
> > After completing this, you will see the certificate subject name in the
> > list of certs in "My Certificate" store.
> > (5) Select Import and again "from a file".  Change the file type from
> > Certificates to "Private Keys".  Select the .pvk that you created in
> > Stage I.  Enter the password you created for it when prompted.
> >
> > Now the certificate is registered
> >
> > III - Get Web Server to know it should use this certificate
> > (1) Add the following registry (it's OK to have this burned into the
> > image)
> > [HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
> > "IsEnabled"=dword:1
> > "CertificateSubject"="<certificate subject name from previous Stages>"
> >
> > (2) You must refresh the web server to have it re-read the certificate
> > information.  Even if the proper settings were burned into ROM, you must
> > still do the refresh after installing the certificate.  You can do this
> > via 'services refresh HTP0:'
> >
> > --
> > John Spaith
> > Software Design Engineer, Windows CE
> > Microsoft Corporation
> >
> > Have an opinion on the effectiveness of Microsoft Embedded newsgroups?
> > Let us know!
> > https://www.windowsembeddedeval.com/community/newsgroups
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.  You assume all risk for your use. © 2003 Microsoft Corporation.
> > All rights reserved.
> >
> > "Dante" <anonymous@discussions.microsoft.com> wrote in message
> > news:01853E1D-D160-4E82-A4F7-EC6F679B0CE8@microsoft.com...
> > > From my device, when I go to a secure website (https://theaddress.com)
> > > from internet explorer, it says page cannot be displayed. If I go to any
> > > non secure site (http://theaddress.com) it works fine. So what do I need
> > > to add to platform builder to get SSL to work?
> > >
> > > I already added "Schannel(SSL/TLS)" from platform builder's catalog and
> > > I am using iesample.exe for internet explorer. And if I go to internet
> > > options from internet explorer, I see that SSL 2.0 and SSL 3.0 are both
> > > checked. I am using platform builder 4.2.
> >
> >
>
>
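
A pre-deployment check for the Stage III registry settings quoted above, as an added example that is not part of the original thread and not Microsoft's code. It parses a .reg fragment and flags a disabled SSL key or a CertificateSubject that no longer matches the device name; the device name "gateway01", the sample fragments, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
import re

SSL_KEY = r"HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL"  # key named in the post

# Constructed sample fragments; "gateway01" is a made-up device name.
GOOD_REG = r'''
[HKEY_LOCAL_MACHINE\COMM\HTTPD\SSL]
"IsEnabled"=dword:1
"CertificateSubject"="gateway01"
'''
DISABLED_REG = GOOD_REG.replace("dword:1", "dword:0")


def parse_reg(text):
    """Parse .reg style text into {KEY: {value_name_lowercase: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                     # [KEY\PATH] header
            current = keys.setdefault(m.group(1).upper(), {})
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*(.+)', line)
        if m and current is not None:
            name, val = m.group(1).lower(), m.group(2).strip()
            if val.lower().startswith("dword:"):  # dword values are hex
                current[name] = int(val[6:], 16)
            else:
                current[name] = val.strip('"')
    return keys


def check_httpd_ssl(reg_text, device_name):
    """Return a list of problems with the web server SSL settings."""
    ssl = parse_reg(reg_text).get(SSL_KEY.upper())
    if ssl is None:
        return ["HTTPD\\SSL key is missing"]
    problems = []
    if ssl.get("isenabled", 0) == 0:
        problems.append("IsEnabled is not set to a non-zero value")
    subject = ssl.get("certificatesubject", "")
    if not subject:
        problems.append("CertificateSubject is empty")
    elif subject.lower() != device_name.lower():  # assumed: case-insensitive
        problems.append("CertificateSubject %r does not match device name %r"
                        % (subject, device_name))
    return problems
```

Running the check against the current device name after a rename catches the stale-subject case the post warns about, before the web server is refreshed.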

