SSL-problem on Windows CE 6

      SSL-problem on Windows CE 6

      Hi,

      i try to connect to an web api from my netdcu-a5.
      I have one testing environment and another productive environment which use different SSL certificates.

      On the testing environment everything works fine, communication from device to API looks good.
      On the productive environment I get on each request (HttpSendRequest(...)) Error 12157 (ERROR_INTERNET_SECURITY_CHANNEL_ERROR). Wininet documentation says "The application experienced an internal error loading the SSL libraries" on this error.

      I guess it is a problem with not installed ssl certificates / trusted authorities.

      I can access both APIs from my desktop browser without any problems.

      Now my question:
      - How can I check if the needed trusted authority is installed on my device?
      - How can I add new trusted authorities?
      - Any other idea what is the cause for this problem?

      Thanks in advance and best regards
      Ruben
      Hello,

      try to use ndcucfg:

      Source Code

      1. Welcome to the Windows CE Telnet Service on FSIMX6SDL
      2. Pocket CMD v 7.00
      3. \> cert enum
      4. Cannot execute cert.exe.
      5. \> ndcucfg
      6. NetDCU Config Utility Ready
      7. Version: 69
      8. Build from: Oct 18 2017
      9. Type help for commands
      10. !>help cert
      11. cert import cert <store> <file>
      12. cert import pkey <store> <file>
      13. cert delete <store> <cert name>
      14. cert enum <store>
      15. OK
      16. !>


      There is also a API avalable, sample: Import SSL Cert
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.
      Hello,

      >>I have one testing environment and another productive environment which use different SSL certificates
      << Both base on NETDCUA5? On both installed the same kernel version?
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.
      It seems that our problem are different ssl/tls versions supported by the server.

      this server works:
      Protocols
      TLS 1.3 No
      TLS 1.2 No
      TLS 1.1 No
      TLS 1.0 Yes
      SSL 3 INSECURE Yes
      SSL 2No

      this server doesn't work:
      Protocols
      TLS 1.3 No
      TLS 1.2 Yes
      TLS 1.1 Yes
      TLS 1.0 Yes
      SSL 3 No
      SSL 2 No

      Is TLS > 1.0 possible on Windows CE 6? How can I enable this?

      Thanks in advance and best regards
      Ruben
      Hello,

      >> Is TLS > 1.0 possible on Windows CE 6? How can I enable this?
      << Unfortunately no, WCE/WEC does only Support TSL 1.0.

      >> !>cert import MY /FFSDISK/root.cer
      << will check required Syntax, did you try "cert import MY root.cer" while move the file to "\" or "cert import MY \FFSDISK\root.cer".
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.
      Hello

      >> ...Does this mean, that the F&S-Image does not support TLS 1.0?
      << no, WCE/WEC does only supports TSL 1.0 it is include in our WCE image.

      >> cert import MY root.cer
      << snytax is really wrong:

      Source Code

      1. NetDCU Config Utility Ready
      2. Version: 045
      3. Type help for commands
      4. !>help cert
      5. cert import cert <store> <file>
      6. cert import pkey <store> <file>
      7. cert delete <store> <cert name>
      8. cert enum <store>
      9. !>
      so "cert import cert MY root.cer" is correct
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.
      Hello,

      >> After a reboot of the system, the certificate is not installed anymore.
      Are further steps necessary?

      << Please save WCE Registry.
      F&S Elektronik Systeme GmbH
      As this is an international forum, please try to post in English.
      Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.