Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to Install a CA Certificate on Windows CE

574 views
Skip to first unread message

David Morgan

unread,
Sep 19, 2001, 7:27:57 AM9/19/01
to
Hello
 
I am using SQL Server CE Replication over the Internet.  We have developed the Pocket PC application which replicates without any problems.
 
Now, we would like to change the URL that is being accessed to be https:// rather than http://, i.e. enable SSL and encryption.
 
I have created a Certificate Request and had it Processed / Authorised by our internal CA, and successfully merged it back in to the webserver.
 
Using IE on my PC I can now access websites on the server using http or https, although when I first access, I get a message saying:
 
   "The Security Certificate was issued by a company you have not chosen to trust. ...."
 
This is as expected, and if I browse to http://ca_machine/certsrv/ I can follow the screens and install the CA's Certificate.  The message then goes away.
 
The problem is that when I try and replicate using the https:// version of the Replication URL, (https://sqlserver/vdir/sscesa10.dll), I get the following message:
 
   "HttpSendRequest failed, hresult has more detail."
 
If I change the Replication URL back to http://... it all works okay.
 
I can only think that this problem is related to the error reported by IE on my PC about the Certificate, and it's issuing authority.
 
The question is, how do I install my CA's Certificate on Windows CE / with Pocket PC IE, as I think this will solve the problem.
 
When I try and access the Webserver using IE and https:// from the Pocket PC I don't get quite the same message as I do on my PC.  This is the message:
 
   "The security certificate for this site has either expired or does not match the server name."
 
Neither of which are true.  It allows me to continue, but I cannot find anyway to get rid of the message, (a.k.a. install the CA's certificate).
 
Any ideas?
 
Regards
 
David Morgan
 
 
 
 

Chris De Herrera, MS-MVP/Mobile Devices

unread,
Sep 19, 2001, 9:32:56 AM9/19/01
to
Hi,
The .dll won't work - it has to be compiled for the Pocket PC's OS and cpu.  See http://support.microsoft.com/directory/article.asp?id=KB;EN-US;Q290288
 

--
Chris De Herrera
Microsoft MVP - Mobile Devices
http://www.cewindows.net - Most Complete set of FAQs on Windows CE
http://www.purece.com - Pocket PC and Windows CE Discussions

David Morgan

unread,
Sep 19, 2001, 12:25:15 PM9/19/01
to
Hi Chris
 
Thanks for that.  Fortunately I am using SQL Server CE so I used the program that comes with it, (rootcert.exe), whereby you just copy the rootcer.cer file to the root and run the exe.
 
Thanks
"Chris De Herrera, MS-MVP/Mobile Devices" <ch...@cewindows.net> wrote in message news:uqyKl9QQBHA.1860@tkmsftngp03...

Kevin J. Boske

unread,
Sep 19, 2001, 8:23:58 PM9/19/01
to
Hi David,
 
If you followed the steps in the SQL Server CE Books Online topic "Updating the Database if Trusted Root Authorities on Windows CE".  I'm not aware of a method of installing the root certificate through PocketIE.

How have you configured the ports for SSL?  The default port is 443.  If you are using a different port, you will need to pass that as part of your InternetURL property.
 
For example: https://server:45/share/sscesa10.dll  where 45 is the port number.
 
Also note, you need the root Certificate on the device, not the Server Certificate.
 
As always, I recommend that you get a copy of my white paper regarding Security and Configuration.  I have this scenario described in detail.
 
 
Finally, can you please respond with the HR returned in your errors collection?  This will be very helpful in pinpointing the issue.
 
Thanks,
 
- Kevin Boske
 
I’ve been “encouraged” to share the following information from our lawyers:  This posting is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use. © 2001 Microsoft Corporation. All rights reserved.

Brian Sabino

unread,
Sep 19, 2001, 10:39:20 PM9/19/01
to
Were you able to get it working using rootcert.exe?

--
This posting is provided “AS IS” with no warranties, and confers no rights. You assume all risk for your use. © 2001 Microsoft Corporation. All rights reserved.
 
 

David Morgan

unread,
Sep 20, 2001, 4:15:59 AM9/20/01
to

Hi Brian

Yes I was, but unfortunately, now no NT 4 Workstations can connect to the W2K SQL Server 2K Machine.

I installed Certification Authority on the same server that is used for SQL Replication.  Created a root certificate and then created a certificate from IIS Admin for the Default Website.  Did the rootcert thing for my CA's Certificate.  I was then able to replicate using SSL with no problems.

I am using W2K Pro. and was able to continue to connect the SQL Server in question for Enterprise Manager etc.

Unfortunately, my colleagues that are using NT Workstation are no longer able to.  They get the following message:

A connection could not be established to [Server Name]

Reason: SSL Security Error
ConnectionWrite (SECEncryptData())..

Please verify SQL Server is running and check your SQL Server registration properties (by right-clicking on the [Server Name] node) and try again.

Having searched the news groups for this, I can only find one previous reference to this problem, (http://groups.google.com/groups?q=SECEncryptData()&hl=en&rnum=1&selm=OZLVeoBOAHA.298%40cppssbbsa05), unfortunately the guy never had a response.

I would be very grateful if you could shed any light on this issue now, as it does not just affect Ent Mngr, but any method of connecting to SQL Server using NT 4.0.  (OLE-DB Connection String from VB 6 App!).

Kind regards

David Morgan

 

"Brian Sabino" <BrianS...@Microsoft.com> wrote in message news:uFAD83XQBHA.1544@tkmsftngp05...

David Morgan

unread,
Sep 20, 2001, 4:24:16 AM9/20/01
to
Hi Kevin
 
Yes it is all working now thankyou.  I would be grateful if you could look at the response I have made to the next post in this thread, as now NT 4.0 Workstations can no longer connect to the W2K SQL2K Server!
 
The error that comes up without the Root Certificate is:
 
Source: Microsoft SQL Server 2000 Windows CE Edition
Error Number: 80072F0D
Native Number: 28037
Error Description: Run HttpSendRequest failed,hresult has more detail SSCE_M_HTTPSENDREQUESTFAILED
Param=0
Param=0
Param=0
 
There are no further messages after that.
 
Regards
 
David Morgan
 
 
"Kevin J. Boske" <kboske...@microsoft.com> wrote in message news:ey6cLqWQBHA.1584@tkmsftngp03...
0 new messages