|
|
You're in the
dotnet compact framework
group:How do I install a SSL Certificate on a WinCE 5.0 Device?
dotnet compact framework:
You need to use the makecab.exe command-line tool, ie:
makecab _setup.xml myCab.cab. Simply running this cab on the device should install it. I take it your XML contains the wap-provsioningdoc schema that contains your cert encoded in base64 x.509? Alternativly you could provision your device using the DMProcessConfigXML call. -- Simon Hart Visual Developer - Device Application Development MVP http://simonrhart.blogspot.com [quoted text, click to view] "Greg Hellem" wrote:
> Please excuse me if this has been covered previously, but I've searched for > the past two days and can only find references to installing certificates > (for https communications) to PocketPC, Windows Mobile 5/6, and SmartPhones > but nothing about how to install a cert under WinCE5. Our host server uses a > SSL Cert issued by VeriSign. I've copied the cert info to my desktop and > created a _setup.xml as outlined in several posts/blogs but I can't figure > out how to wrap that xml into a Visual Studio 2005 - SmartDevice CAB File... > I've successfully copied the .cer file to the WinCE device (Symbol/Motorola > MC3000 series), executed the Certificates applet in the Control Panel, > accepted the prompt to add it to the store, and the import worked perfectly. > But, is there a way for me to call CertManage.exe with some type of /silent > switch so I can programmatically import the cert without user intervention? > Or, is there a way for the VS2005 CAB to install the cert when it gets > expanded/installed? Oh, and this version of WinCE 5.0 doesn't contain any > VeriSign certs in the OEM Build. > > I am investigating how to properly implement these types of certificates > because this device is apparently using 40 or 56-bit encryption when > communicating to our SSL Servers and I'm trying to increase the encryption > level to 128-bit. Our IT Dept increased the security levels on our servers > to 128-bit and all of a sudden my .NET 2.0 CF apps were unable to > communicate with the servers until they lowered it back down to 40 or 56-bit > (something like that). > > And I do believe another side-effect of these "low-bit" encryption > communications (or improperly accepting all cert discrepancies using the > CheckValidationResult method in the LocalCertificatePolicy) are the fact the > all of my SOAP Requests greater than or equal to 34K become corrupt towards > the end of the file, but ONLY when communicating to our SSL Servers. So I > know I'm doing something wrong in regards to supporting 128-bit > encryption... > > I appreciate any and all responses, > Thank you! > [Also posted to microsoft.dotnet.security] > >
Please excuse me if this has been covered previously, but I've searched for
the past two days and can only find references to installing certificates (for https communications) to PocketPC, Windows Mobile 5/6, and SmartPhones but nothing about how to install a cert under WinCE5. Our host server uses a SSL Cert issued by VeriSign. I've copied the cert info to my desktop and created a _setup.xml as outlined in several posts/blogs but I can't figure out how to wrap that xml into a Visual Studio 2005 - SmartDevice CAB File... I've successfully copied the .cer file to the WinCE device (Symbol/Motorola MC3000 series), executed the Certificates applet in the Control Panel, accepted the prompt to add it to the store, and the import worked perfectly. But, is there a way for me to call CertManage.exe with some type of /silent switch so I can programmatically import the cert without user intervention? Or, is there a way for the VS2005 CAB to install the cert when it gets expanded/installed? Oh, and this version of WinCE 5.0 doesn't contain any VeriSign certs in the OEM Build. I am investigating how to properly implement these types of certificates because this device is apparently using 40 or 56-bit encryption when communicating to our SSL Servers and I'm trying to increase the encryption level to 128-bit. Our IT Dept increased the security levels on our servers to 128-bit and all of a sudden my .NET 2.0 CF apps were unable to communicate with the servers until they lowered it back down to 40 or 56-bit (something like that). And I do believe another side-effect of these "low-bit" encryption communications (or improperly accepting all cert discrepancies using the CheckValidationResult method in the LocalCertificatePolicy) are the fact the all of my SOAP Requests greater than or equal to 34K become corrupt towards the end of the file, but ONLY when communicating to our SSL Servers. So I know I'm doing something wrong in regards to supporting 128-bit encryption... I appreciate any and all responses, Thank you! [Also posted to microsoft.dotnet.security]
Using makecab from the DOS Command Line, with Windows XP Professional,
creates a cab file, but when I attempt to run/unpack it from the mobile device I get this error: The file "\Application\CertTest\rootcert.cab" is not a valid Windows CE Setup file. And yes, the cert was exported as base64 x.509. My _setup.xml consists of the following: <wap-provisioningdoc> <characteristic type="CertificateStore"> <characteristic type="ROOT" > <characteristic type="26e83d5927f019c3119ee778d6339075344f9f99"> <parm name="EncodedCertificate" value=" .... .... Blob removed... .... "/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc> So any ideas on how I can wrap this in a VS2005 WinCE Setup cab and get it to install, or anything else I can try? Thanks! [quoted text, click to view] "Simon Hart [MVP]" <srhartone@yahoo.com> wrote in message news:09583BD7-3858-4B96-8ADC-E99DD1A06630@microsoft.com... > You need to use the makecab.exe command-line tool, ie: > > makecab _setup.xml myCab.cab. > > Simply running this cab on the device should install it. I take it your > XML > contains the wap-provsioningdoc schema that contains your cert encoded in > base64 x.509? > > Alternativly you could provision your device using the DMProcessConfigXML > call. > -- > Simon Hart > Visual Developer - Device Application Development MVP > http://simonrhart.blogspot.com > > > "Greg Hellem" wrote: > >> Please excuse me if this has been covered previously, but I've searched >> for >> the past two days and can only find references to installing certificates >> (for https communications) to PocketPC, Windows Mobile 5/6, and >> SmartPhones >> but nothing about how to install a cert under WinCE5. Our host server >> uses a >> SSL Cert issued by VeriSign. I've copied the cert info to my desktop and >> created a _setup.xml as outlined in several posts/blogs but I can't >> figure >> out how to wrap that xml into a Visual Studio 2005 - SmartDevice CAB >> File... >> I've successfully copied the .cer file to the WinCE device >> (Symbol/Motorola >> MC3000 series), executed the Certificates applet in the Control Panel, >> accepted the prompt to add it to the store, and the import worked >> perfectly. >> But, is there a way for me to call CertManage.exe with some type of >> /silent >> switch so I can programmatically import the cert without user >> intervention? >> Or, is there a way for the VS2005 CAB to install the cert when it gets >> expanded/installed? Oh, and this version of WinCE 5.0 doesn't contain any >> VeriSign certs in the OEM Build. >> >> I am investigating how to properly implement these types of certificates >> because this device is apparently using 40 or 56-bit encryption when >> communicating to our SSL Servers and I'm trying to increase the >> encryption >> level to 128-bit. Our IT Dept increased the security levels on our >> servers >> to 128-bit and all of a sudden my .NET 2.0 CF apps were unable to >> communicate with the servers until they lowered it back down to 40 or >> 56-bit >> (something like that). >> >> And I do believe another side-effect of these "low-bit" encryption >> communications (or improperly accepting all cert discrepancies using the >> CheckValidationResult method in the LocalCertificatePolicy) are the fact >> the >> all of my SOAP Requests greater than or equal to 34K become corrupt >> towards >> the end of the file, but ONLY when communicating to our SSL Servers. So I >> know I'm doing something wrong in regards to supporting 128-bit >> encryption... >> >> I appreciate any and all responses, >> Thank you! >> [Also posted to microsoft.dotnet.security] >> >> >>
Greg,
I posted a reply to the wrong thread! long day...See (Restart Application thread) You have to use CABWIZ.exe for Windows CE devices which itself calls makecab.exe. -- Simon Hart Visual Developer - Device Application Development MVP http://simonrhart.blogspot.com [quoted text, click to view] "Greg Hellem" wrote:
> Using makecab from the DOS Command Line, with Windows XP Professional, > creates a cab file, but when I attempt to run/unpack it from the mobile > device I get this error: The file "\Application\CertTest\rootcert.cab" is > not a valid Windows CE Setup file. > And yes, the cert was exported as base64 x.509. > My _setup.xml consists of the following: > <wap-provisioningdoc> > <characteristic type="CertificateStore"> > <characteristic type="ROOT" > > <characteristic type="26e83d5927f019c3119ee778d6339075344f9f99"> > <parm name="EncodedCertificate" value=" > .... > .... Blob removed... > .... > "/> > </characteristic> > </characteristic> > </characteristic> > </wap-provisioningdoc> > > So any ideas on how I can wrap this in a VS2005 WinCE Setup cab and get it > to install, or anything else I can try? > Thanks! > > "Simon Hart [MVP]" <srhartone@yahoo.com> wrote in message > news:09583BD7-3858-4B96-8ADC-E99DD1A06630@microsoft.com... > > You need to use the makecab.exe command-line tool, ie: > > > > makecab _setup.xml myCab.cab. > > > > Simply running this cab on the device should install it. I take it your > > XML > > contains the wap-provsioningdoc schema that contains your cert encoded in > > base64 x.509? > > > > Alternativly you could provision your device using the DMProcessConfigXML > > call. > > -- > > Simon Hart > > Visual Developer - Device Application Development MVP > > http://simonrhart.blogspot.com > > > > > > "Greg Hellem" wrote: > > > >> Please excuse me if this has been covered previously, but I've searched > >> for > >> the past two days and can only find references to installing certificates > >> (for https communications) to PocketPC, Windows Mobile 5/6, and > >> SmartPhones > >> but nothing about how to install a cert under WinCE5. Our host server > >> uses a > >> SSL Cert issued by VeriSign. I've copied the cert info to my desktop and > >> created a _setup.xml as outlined in several posts/blogs but I can't > >> figure > >> out how to wrap that xml into a Visual Studio 2005 - SmartDevice CAB > >> File... > >> I've successfully copied the .cer file to the WinCE device > >> (Symbol/Motorola > >> MC3000 series), executed the Certificates applet in the Control Panel, > >> accepted the prompt to add it to the store, and the import worked > >> perfectly. > >> But, is there a way for me to call CertManage.exe with some type of > >> /silent > >> switch so I can programmatically import the cert without user > >> intervention? > >> Or, is there a way for the VS2005 CAB to install the cert when it gets > >> expanded/installed? Oh, and this version of WinCE 5.0 doesn't contain any > >> VeriSign certs in the OEM Build. > >> > >> I am investigating how to properly implement these types of certificates > >> because this device is apparently using 40 or 56-bit encryption when > >> communicating to our SSL Servers and I'm trying to increase the > >> encryption > >> level to 128-bit. Our IT Dept increased the security levels on our > >> servers > >> to 128-bit and all of a sudden my .NET 2.0 CF apps were unable to > >> communicate with the servers until they lowered it back down to 40 or > >> 56-bit > >> (something like that). > >> > >> And I do believe another side-effect of these "low-bit" encryption > >> communications (or improperly accepting all cert discrepancies using the > >> CheckValidationResult method in the LocalCertificatePolicy) are the fact > >> the > >> all of my SOAP Requests greater than or equal to 34K become corrupt > >> towards > >> the end of the file, but ONLY when communicating to our SSL Servers. So I > >> know I'm doing something wrong in regards to supporting 128-bit > >> encryption... > >> > >> I appreciate any and all responses, > >> Thank you! > >> [Also posted to microsoft.dotnet.security] > >> > >> > >> > >
Mr. Hart,
Thank you very much for the heads-up on the Windows CE SDK itself... That package contained the information and resources I was searching for!!! Hell, they even have examples of specific types of "_setup.xml" configurations for all types of security issues... Again, thanks for pointing in that direction; but I can't believe my search efforts didn't reveal anything related to the Windows CE SDK, I guess my "Regular Expressions" need some work so I can refine my search criteria!!! However, I do have a few more questions for you... If you don't mind? (Thanks!) When running cabwiz.exe (WinCE 5.0 SDK), how do I determine if my "_setup.xml" must be considered as extra information for "_setup.xml", which apparently is what cabwiz.exe creates inside of the new cab file!?? So, should my SSL Certificate-Import XML file" (_setup.xml) for the SSL Cert being used by our servers be "prepend/appended to _setup.xml"? The command-line for cabwiz.exe offers the /prexml or /postxml options when creating a cab file - do I need to use them or do I somehow indicate, within the .inf file, that my "_setup.xml" file is input for the cab build? I guess I'm just not sure on how to create the .inf file for cabwiz and then go about the task of indicating that, "Oh, by the way, would you mind running this snippet of xml contained in my '_setup.xml' file so the appropriate SSL Cert Info is recorded properly?" I really hope I'm not confusing you, as well as possibly myself, but I could certainly use some clarification on how to package the example '_setup.xml' blogs/posts that I've seen for PocketPC and Windows Mobile 5/6 into the WinCE 5.0 Cab File I require for my Symbol/Motorola MC3000 Series WinCE 5.0 Mobile Device... Thank you again for your, and anyone else's, input, Greg Hellem [quoted text, click to view] "Simon Hart [MVP]" <srhartone@yahoo.com> wrote in message news:7DA08CC7-24B8-4FDB-9F2E-D99666755D2E@microsoft.com... > Greg, > > I posted a reply to the wrong thread! long day...See (Restart Application > thread) > > You have to use CABWIZ.exe for Windows CE devices which itself calls > makecab.exe. > -- > Simon Hart > Visual Developer - Device Application Development MVP > http://simonrhart.blogspot.com > > > "Greg Hellem" wrote: > >> Using makecab from the DOS Command Line, with Windows XP Professional, >> creates a cab file, but when I attempt to run/unpack it from the mobile >> device I get this error: The file "\Application\CertTest\rootcert.cab" is >> not a valid Windows CE Setup file. >> And yes, the cert was exported as base64 x.509. >> My _setup.xml consists of the following: >> <wap-provisioningdoc> >> <characteristic type="CertificateStore"> >> <characteristic type="ROOT" > >> <characteristic type="26e83d5927f019c3119ee778d6339075344f9f99"> >> <parm name="EncodedCertificate" value=" >> .... >> .... Blob removed... >> .... >> "/> >> </characteristic> >> </characteristic> >> </characteristic> >> </wap-provisioningdoc> >> >> So any ideas on how I can wrap this in a VS2005 WinCE Setup cab and get >> it >> to install, or anything else I can try? >> Thanks! >> >> "Simon Hart [MVP]" <srhartone@yahoo.com> wrote in message >> news:09583BD7-3858-4B96-8ADC-E99DD1A06630@microsoft.com... >> > You need to use the makecab.exe command-line tool, ie: >> > >> > makecab _setup.xml myCab.cab. >> > >> > Simply running this cab on the device should install it. I take it your >> > XML >> > contains the wap-provsioningdoc schema that contains your cert encoded >> > in >> > base64 x.509? >> > >> > Alternativly you could provision your device using the >> > DMProcessConfigXML >> > call. >> > -- >> > Simon Hart >> > Visual Developer - Device Application Development MVP >> > http://simonrhart.blogspot.com >> > >> > >> > "Greg Hellem" wrote: >> > >> >> Please excuse me if this has been covered previously, but I've >> >> searched >> >> for >> >> the past two days and can only find references to installing >> >> certificates >> >> (for https communications) to PocketPC, Windows Mobile 5/6, and >> >> SmartPhones >> >> but nothing about how to install a cert under WinCE5. Our host server >> >> uses a >> >> SSL Cert issued by VeriSign. I've copied the cert info to my desktop >> >> and >> >> created a _setup.xml as outlined in several posts/blogs but I can't >> >> figure >> >> out how to wrap that xml into a Visual Studio 2005 - SmartDevice CAB >> >> File... >> >> I've successfully copied the .cer file to the WinCE device >> >> (Symbol/Motorola >> >> MC3000 series), executed the Certificates applet in the Control Panel, >> >> accepted the prompt to add it to the store, and the import worked >> >> perfectly. >> >> But, is there a way for me to call CertManage.exe with some type of >> >> /silent >> >> switch so I can programmatically import the cert without user >> >> intervention? >> >> Or, is there a way for the VS2005 CAB to install the cert when it gets >> >> expanded/installed? Oh, and this version of WinCE 5.0 doesn't contain >> >> any >> >> VeriSign certs in the OEM Build. >> >> >> >> I am investigating how to properly implement these types of >> >> certificates >> >> because this device is apparently using 40 or 56-bit encryption when >> >> communicating to our SSL Servers and I'm trying to increase the >> >> encryption >> >> level to 128-bit. Our IT Dept increased the security levels on our >> >> servers >> >> to 128-bit and all of a sudden my .NET 2.0 CF apps were unable to >> >> communicate with the servers until they lowered it back down to 40 or >> >> 56-bit >> >> (something like that). >> >> >> >> And I do believe another side-effect of these "low-bit" encryption >> >> communications (or improperly accepting all cert discrepancies using >> >> the >> >> CheckValidationResult method in the LocalCertificatePolicy) are the >> >> fact >> >> the >> >> all of my SOAP Requests greater than or equal to 34K become corrupt >> >> towards >> >> the end of the file, but ONLY when communicating to our SSL Servers. >> >> So I >> >> know I'm doing something wrong in regards to supporting 128-bit >> >> encryption... >> >> >> >> I appreciate any and all responses, >> >> Thank you! >> >> [Also posted to microsoft.dotnet.security] >> >> >> >> >> >> >> >> >>
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |