SSL-problem on Windows CE 6

  • Hi,


    i try to connect to an web api from my netdcu-a5.
    I have one testing environment and another productive environment which use different SSL certificates.


    On the testing environment everything works fine, communication from device to API looks good.
    On the productive environment I get on each request (HttpSendRequest(...)) Error 12157 (ERROR_INTERNET_SECURITY_CHANNEL_ERROR). Wininet documentation says "The application experienced an internal error loading the SSL libraries" on this error.


    I guess it is a problem with not installed ssl certificates / trusted authorities.


    I can access both APIs from my desktop browser without any problems.


    Now my question:
    - How can I check if the needed trusted authority is installed on my device?
    - How can I add new trusted authorities?
    - Any other idea what is the cause for this problem?


    Thanks in advance and best regards
    Ruben

  • Hello,


    try to use ndcucfg:


    There is also a API avalable, sample: Import SSL Cert

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

  • Hi,


    thanks for response. Importing the certificate didn't solve my problem.


    Did you ever see errorcode 12157 (ERROR_INTERNET_SECURITY_CHANNEL_ERROR)?
    Any idea what is the cause of this problem?


    Thanks and best regards
    Ruben

  • Hello,


    >>I have one testing environment and another productive environment which use different SSL certificates
    << Both base on NETDCUA5? On both installed the same kernel version?

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

  • It seems that our problem are different ssl/tls versions supported by the server.


    this server works:
    Protocols
    TLS 1.3 No
    TLS 1.2 No
    TLS 1.1 No
    TLS 1.0 Yes
    SSL 3 INSECURE Yes
    SSL 2No


    this server doesn't work:
    Protocols
    TLS 1.3 No
    TLS 1.2 Yes
    TLS 1.1 Yes
    TLS 1.0 Yes
    SSL 3 No
    SSL 2 No


    Is TLS > 1.0 possible on Windows CE 6? How can I enable this?


    Thanks in advance and best regards
    Ruben

  • Hi,


    other question: we where not able to import a certificate with ndcucfg.

    Quote

    cert import cert <store> <file>


    the cert file is in /FFSDISK/root.cer


    Code
    1. !>cert import MY /FFSDISK/root.cer
    2. ERROR 100: Syntax error


    What's going wrong here?

  • Hello,


    >> Is TLS > 1.0 possible on Windows CE 6? How can I enable this?
    << Unfortunately no, WCE/WEC does only Support TSL 1.0.


    >> !>cert import MY /FFSDISK/root.cer
    << will check required Syntax, did you try "cert import MY root.cer" while move the file to "\" or "cert import MY \FFSDISK\root.cer".

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

  • Hello


    >> ...Does this mean, that the F&S-Image does not support TLS 1.0?
    << no, WCE/WEC does only supports TSL 1.0 it is include in our WCE image.


    >> cert import MY root.cer
    << snytax is really wrong:

    so "cert import cert MY root.cer" is correct

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.

  • Hello,


    >> After a reboot of the system, the certificate is not installed anymore.
    Are further steps necessary?


    << Please save WCE Registry.

    F&S Elektronik Systeme GmbH
    As this is an international forum, please try to post in English.
    Da dies ein internationales Forum ist, bitten wir darum, Beiträge möglichst in Englisch zu verfassen.