x
This website is using cookies. We use cookies to ensure that we give you the best experience on our website. More info. That's Fine
HPC:Factor Logo 
 
Latest Forum Activity

Update SSL root certificates

isotherm Page Icon Posted 2009-09-11 5:39 PM
#
Avatar image of isotherm
H/PC Elite

Posts:
504
Location:
United States
Status:
After searching the forum, I only found cryptic and conflicting information about this topic, starting 3-4 years ago.

I can't access sites with PIE4 on HPC2000, and I see that some of the root certificates have expired. I see that certificates can be added via the registry, but can root certificates be added that way? Other people talk about modifying schannel.dll. There is apparently one sold for Jornada, although a few of its certificates will also expire soon. Then another post says you can just disable certificate checking in Internet Explorer, but that didn't work for me.

So... which of these three, if any, can update the root certificates? The Jornada 720 update won't work on a MobilePro 790.
 Top of the page
CAuser Page Icon Posted 2009-09-11 6:19 PM
#
Avatar image of CAuser
H/PC Sensei

Posts:
1,278
Location:
Silicon Valley, USA
Status:
I encountered similar issues with CE 4.2 devices like Skeye.pad. PIE6 constantly reminded me of expired certificates.
 Top of the page
mscdex Page Icon Posted 2009-09-11 6:39 PM
#
Avatar image of mscdex
H/PC Sensei

Posts:
1,054
Location:
United States
Status:
Quote
CAuser - 2009-09-11 6:19 PM

I encountered similar issues with CE 4.2 devices like Skeye.pad. PIE6 constantly reminded me of expired certificates.


I've yet to encounter an SSL cert expiration notice on my NBP. Any sites you recall offhand in which you experienced this under CE 4.2?
 Top of the page
C:Amie Page Icon Posted 2009-09-11 7:34 PM
#
Avatar image of C:Amie
Administrator
H/PC Oracle

Posts:
17,952
Location:
United Kingdom
Status:
I wrote a ssl root cert update for my devices, I kept it current up until about mid-2007. Root certificates are handled by schannel, but there are issues with it on CE and its effectiveness. Unfortunately I can't seem to find any of my binary's or even the source :S
 Top of the page
CAuser Page Icon Posted 2009-09-11 8:29 PM
#
Avatar image of CAuser
H/PC Sensei

Posts:
1,278
Location:
Silicon Valley, USA
Status:
Quote
mscdex - 2009-09-11 3:39 PM

Quote
CAuser - 2009-09-11 6:19 PM

I encountered similar issues with CE 4.2 devices like Skeye.pad. PIE6 constantly reminded me of expired certificates.


I've yet to encounter an SSL cert expiration notice on my NBP. Any sites you recall offhand in which you experienced this under CE 4.2?

Yahoo! Mail (Mail account associated with SBC/Yahoo DSL account requires higher security settings). I downloaded and updated some file per the popup instruction. It didn't help. Because of this, I discontinued the use of Skeye.pad as an instant-on internet station.

Edited by CAuser 2009-09-11 8:35 PM
 Top of the page
isotherm Page Icon Posted 2009-09-11 8:37 PM
#
Avatar image of isotherm
H/PC Elite

Posts:
504
Location:
United States
Status:
C:Amie, are there any more details available about how to update schannel? Is it resource editing, hex editing, registry changes, ...?
 Top of the page
C:Amie Page Icon Posted 2009-09-12 5:25 AM
#
Avatar image of C:Amie
Administrator
H/PC Oracle

Posts:
17,952
Location:
United Kingdom
Status:
It's all done in hex.

The schannel dll is a fixed size lookup resource effectively - you can't extend it, it will stop working. Everything has to be embedded into the SChannel as the raw hex string, overwriting the existing certificate. This is a list of the WM6 schannel, the last one that I modified into the hpc2000 schannel:

Comodo
AAA Certificate Services

Comodo
AddTrust External CA Root

Cybertrust
Baltimore CyberTrust Root

Cybertrust
GlobalSign Root CA

Cybertrust
GTE CyberTrust Global Root

Verisign
Class 2 Public Primary Certification Authority

Verisign
Thawte Premium Server CA

Verisign
Thawte Server CA

Verisign
Secure Server Certification Authority

Verisign
Class 3 Public Primary Certification Authority

Entrust
Entrust.net Certification Authority (2048)

Entrust
Entrust.net Secure Server Certification Authority

Geotrust
Equifax Secure Certificate Authority

Geotrust
GeoTrust Global CA

Godaddy
Go Daddy Class 2 Certification Authority

Godaddy
http://www.valicert.com/

Godaddy
Starfield Class 2 Certification Authority

Once you get the certificate (cer) you need to convert it into hex and impregnate the schannel into an existing resource key.

I still can't find any darn binarys of my last schannel.
 Top of the page
Jump to forum:
Seconds to generate: 0.156 - Cached queries : 63 - Executed queries : 10