Monday, March 26, 2012

Merge Replication using SSL on a Windows Mobile 5.0 device

Dear ppl,

I have a Windows Mobile 5.0 application that synchronises with SQL Server 2005 (Merge Replication). The replication works fine without SSL, but when using SSL it doesn't work. On the device I get an error:

28037, A request to send data to the computer running IIS has failed.

I have created a Wild Card Certificate (*.domain-name.net) using Microsoft Certificate Services (Stand Alone) and set up the replication website, with the replication virtual directory under it, in IIS to use this certificate. The host header for the replication site is set to "sql.domain-name.net". I have bound the host headers to the port as well.

I can access https://sql.domain-name.net/replication/sqlcesa30.dll from a remote computer and from the device, and it says "Microsoft SQL Server Compact Edition Server Agent", which means it is set up correctly.

I have installed the certificate authority and its wild card certificate in the device's Root Certificates. Now when I call repl.Synchronize() from the device, it throws an exception with error 28037, "A request to send data to the computer running IIS has failed."

Which I think means it can't find the service URL.

I am not sure what the problem is... something to do with trust and SSL certificates... Is there anything I am missing?

Awaiting,

Just try to rule out the obvious - you have specified "https://" instead of "http:" in the application source code, right?

Did you run the sync app with the same Windows credentials as when running "https://sql.domain-name.net/replication/sqlcesa30.dll" from IE?

Thanks.

|||

Thanks for the response, Zhou... Well, I'm not using any authentication. I have set up the replication website's Directory Security in IIS as Anonymous Access... Is it necessary to use credentials (any authentication: Windows, Basic, etc.)?

Awaiting,

|||

It would be nice to try different credentials, at least the basic authentication, Windows username and password.

However, you need to specify this information in your application code.

This posting is provided AS IS with no warranties, and confers no rights.

|||

Nabeel -

I'm interested in what you find out.

I've been using SSL (with a certificate I created using Windows Server Certification Authority) with merge replication to SQL Server 2000 for a few years now. I'm in the process of trying to figure out how to migrate to SQL Server 2005 and SQL Server CE 2005. But I'm also noticing that Internet Explorer 7.0 can throw some very, very nasty messages to users browsing to my web site (apparently, IE 7 sees these non-trusted certificates as a major security threat). So I'm now exploring how to deploy with a trusted certificate.

I'll keep an eye on how this thread develops and I'll post as I learn more information. Hope you will do the same.

Larry

|||

Nabeel -

Doing some research, you might want to take a look at this:

http://support.microsoft.com/kb/266695/EN-US/

Larry

|||

Well, if you take a look at this: http://download.microsoft.com/download/6/d/9/6d9ab586-5bed-4cfc-b28b-d83dadb85b42/Windows_Mobile_Devices_and_Security_Proecting_Sensitive_Business_Information.pdf

It says that the Internet Explorer Mobile Web browser included in Pocket PC and Smartphone software uses 128-bit SSL (https) and PCT encryption technologies to access secured Web sites. In earlier versions, the High Encryption Pack may be required to upgrade from the native 40-bit encryption to 128-bit encryption. So I think it is not required to install the High Encryption Pack. However, I tried to install it on a couple of WM 5.0 devices, and after installing and restarting the devices, the devices stopped working for some reason :) ... so I had to do a factory restart.

|||

Hi,

Your device MUST recognize the certificate's CA. You should export your CA's root certificate into a .cer file (via http://myca/certsrv/), copy it to the device, and import it into the trusted root CA store there (just tap it and confirm). AFAIR you also need to do a soft reset.

You can test whether your device recognizes the site's certificate by launching IE on the device and going to the merge agent address. For merge replication over SSL to work, you cannot have any warnings about the certificate when opening the site using the device's browser.

hth

kamil nowicki

|||

Thanks for the response, Kamil... I have already installed the CA certificate on the device. The problem is that when I access the merge replication address through IE on the device, it gives me the warning "The name of the certificate is invalid or does not match the name of the site".

It also says that the certificate is from a trusted certifying authority and the certificate date is valid.

The certificate I am using for the merge replication website is a Wild Card Certificate (i.e. *.domain-name.net) and the host header is "sql.domain-net.net".

If I install the certificate on a desktop PC and access the merge replication address through IE, it works fine without any warning. It says that the root CA has identified the site as sql.domain-net. However, on the device it cannot resolve the host header for some reason. I tried installing both the Root CA and the Wild Card certificate on the device, but no use.

Any idea what could be the problem?

Awaiting,

|||

Oops, looks like I did not read the entire message and wrongly assumed what the error was... sorry.

I am not certain if PPC devices understand what a wildcard certificate is... maybe that's the problem?

Also, from my experience, if mobile IE gives you even a minor warning when accessing the agent hosted on IIS, then the replication won't work.

Could you try using a non-wildcard certificate and post the results?
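
The name check discussed in this thread, as an added example (not code from any of the posters): it compares a certificate's names with the requested host under wildcard-aware matching and under exact-only matching, the latter modelling the unconfirmed suggestion above that the device may not understand wildcard certificates. The certificate dictionaries are constructed samples that reuse the thread's placeholder host names, and the function names are hypothetical.

```python
# Added example: certificate name vs. requested host, two matching policies.
# Certificate dicts are shaped like the return value of ssl.SSLSocket.getpeercert().

def cert_dns_names(cert):
    """Return SAN DNS names, falling back to subject CN when no SAN DNS entry exists."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names

def name_matches(pattern, host, allow_wildcard=True):
    """Case-insensitive match; '*' may only be the whole leftmost label."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not allow_wildcard or not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    # The wildcard covers exactly one non-empty label; the rest must be identical.
    return (len(p_labels) == len(h_labels)
            and h_labels[0] != ""
            and p_labels[1:] == h_labels[1:])

def check(cert, host):
    """Evaluate the host against the certificate under both policies."""
    names = cert_dns_names(cert)
    return {
        "names": names,
        "wildcard_aware": any(name_matches(n, host, True) for n in names),
        "exact_only": any(name_matches(n, host, False) for n in names),
    }

# Constructed samples: a wildcard certificate and a host-specific replacement.
WILDCARD_CERT = {"subject": ((("commonName", "*.domain-name.net"),),)}
HOST_CERT = {
    "subject": ((("commonName", "sql.domain-name.net"),),),
    "subjectAltName": (("DNS", "sql.domain-name.net"),),
}

if __name__ == "__main__":
    host = "sql.domain-name.net"
    for label, cert in (("wildcard", WILDCARD_CERT), ("host-specific", HOST_CERT)):
        print(label, check(cert, host))
```

A certificate that passes `wildcard_aware` but fails `exact_only` is trusted by a wildcard-capable client and produces a name-mismatch warning on one that compares names literally; a host-specific certificate passes both.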
