Hello,
i'm trying to get 802.1x sorted with certificates. I've tried both winmo 6.1 and 6.5 and neither seems to support it. Windows CE 6.0 supports it.
I've found suplicants which will do eap-ttls but nothing which does eap-tls.
Does anyone have any suggestions? Motorola add a package to their devices called Fusion which provides eap-tls support - but you can't purchase that seperatly.
Many thanks.
i have the same problem i am using samsung jack WM6.5 and nothing works i also try with a personal certificate but nothing i cant connect to my office network wich is eap tls
http://msdn.microsoft.com/en-us/library/aa916394.aspx
quote
The EAP framework is implemented in a dynamic-link library (DLL), eap.dll. Specific authentication extensions are implemented in separate DLLs. For example, the EAP-MD5 authentication extension is implemented in eapchap.dll. A single extension DLL may support more than one authentication extension type. For a particular extension to be used successfully, both the client and server must support it.
end of quote
CE and WinMo binaries (dlls) are compatible, you should be able to use eaptls.dll (or whatever dll contains TLS authentication) in WinMo if there isn't one. It should only take to extract it from a CE image or build with CE platform builder, then add registry settings to enable it.
You may also need to use pfximport for WinMo to install your device certificate:
http://www.jacco2.dds.nl/networking/pfximprt.html
The author mentioned someone was able to use EAP-TLS on WM5/6, see
http://www.jacco2.dds.nl/networking/p12imprt.html#EAP-TLS
quote
I have received several reports that EAP-TLS works after you installed a personal certificate with P12imprt. There are reports that you may need to soft reset your device before the personal certificate can be used with EAP-TLS.
end of quote
stepw said:
http://msdn.microsoft.com/en-us/library/aa916394.aspx
CE and WinMo binaries (dlls) are compatible, you should be able to use eaptls.dll (or whatever dll contains TLS authentication) in WinMo if there isn't one. It should only take to extract it from a CE image or build with CE platform builder, then add registry settings to enable it.
Click to expand...
Click to collapse
I can't find anywere an eaptls.dll file. Don't suppose anyone has a windowsCE device handy to extract it?
Unfortunately I don't, you could build one using Windows CE platform builder
Related
Hello all,
Attached is a simple CAB file that should have set the PIE user-agent stuff to be identifying the thing as IE6. I think there may be others around, I know I've seen it in a larger cab, so don't worry about this specific function. My question is regarding the fact that when I try to run it on my HTC Wizard (running WM5), I get "Installation of PIE_as_IE6.cab was unsuccessful".
I built the CAB off of the "CAB Template.cab" from http://forum.xda-developers.com/viewtopic.php?p=113615#113615 - just in case I'd run into that version issue with WM5.
Any thoughts out there on what's wrong with the CAB? Or is there a different reason it won't install?
Hi, what CSP are you using to change those settings and how are you deploying it to the device? Chances are access to that provider is restricted to a higher security role than what the cab file has permissions to do. RAPI still has access to most service providers by default but if you're downloading the cab over the air to the device it'll probably need to be signed with a suitable certificate before it's allowed to make setting changes. Mobile 5.0 security has been beefed up and its now a bit of a mission to do what was reasonable simple to do on 2003. All cpf files need to be signed if not deployed over RAPI as well, for even something trivial like adding a browser favourite.
editor is OCP Software's WinCe Cab Manager (version: 1.1)
deploy method is copy over USB cable by ActiveSync through Total Commander+WinCe Device access plugin. Execution of CAB is on the device itself through Total Commander CE or Explorer.
No CSP in use (err.. afaik).
You may be right that the part of the registry in question may simply be unavailable to access without special signing. I'll have to dig for those keywords a bit.
Yeah...the more I research Mobile 5.0 security the steeper it gets. It seems security permissions extend all the way to file IO access. Writing certain recognized system files (like theme files) without adequit permissions effectively renders those files as untrusted and they stop behaving in their expected manner. Its a pain.
Hello. I want to scan and modify every IP packet that goes thru PPP (dial-up) (or thru all interfaces if easier). I've done a lot of research and found that maybe the only way to achieve this on lousy wince is to patch the OS itself...I am an x86 programmer and I've done this relatively easily on winxp...
P.S. How can one debug wince os code in ROM with software debuggers?
P.P.S. So far I don't have any solution to my problem so it would be a success to do this even with one device (I have htc universal for tests...)
Today I've finally downloaded the platform builder and so called "Shared" code of wince 6.0...To my surprise I found ARM4 .lib files instead of source code for everything that I needed to look in (ip*.*) . However there is a binmod utility and other stuff for editing rom that you might need. I don't need to modify rom since i can neither debug ROM nor have it's source even from a different version of wince (I need for 5.0). M$ is sh*t as usual.
It is the har work to modify ppp packets on pocket pc (wince).
Yo can try the passthru sample in PB:
\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\PASSTHRU
and
\WINCE500\PUBLIC\COMMON\OAK\DRIVERS\NETSAMP\ASYNCMAC
i think you have to modify the drivers.
good luck !
I have been searching high and low for a GUI based Certificate enroller for
Windows Mobile devices. Essentially I want a GUI driven enroller similar to
the version found in the WM2003 SDK using enroll.exe and enroll.cfg or
something similar. Ideally this GUI based enroller would be standalone and
would not store any credentials after the enrollment process. The WM2003 SDK enroll utility currently requires you to pre-populate the enroll.cfg file
with a user name, password, domain, CA servername and cert template this file has to be transfered to the device then launched with enroll.exe. The file resides with all credentials after the enrollment process. Any
chance we can get this GUI based that would work for all WM devices?
I need to install a certificate for wifi on my university. As you all know PEAP needs a personal certificate. But when i install the certificate it's placed in the base folder and not in the personal folder.
Yes i added the ValidateServerCert to the registery.
Anyone can help?
If I am not mistaken it should be in the base
or it may depend on the certificate
In my case I also need a cer to use my Uni's WiFi and when I install it I find it in the base list
my problem is the certificate seems to be outdated otherwise according to the instruction I had the certificate should be in the base list.
Not sure if this helps, I have a digital certificate which allows me to get onto my work email from home.
I just copied the certificate to my memory card and then opened it through the phones file explorer.
It installed the certificate for me.
I installed the certificate the same way as you. But when i try to connect the router, it says: "you need a personal certificate" and personal certificates are used to identify yourself and base certifactes are not. So i think i need to get that certifacte to te personal folder.
Have you tried via ActiveSync? Saw an option last night, although have no experiences with certs.
Try secureW2 plug-in. (use google to find it)
A common problem is that you need certain root certificates as well- and WM doesn't download/ install them.
There are even networks that you won't be able to connect to using PEAP- like the one my uni uses. Don't ask me for detailed reasons... It's some kind of yet unsolved WM-WiFi-certificate-issue.
i use secureW2 as well at my university... works great
Thread closed as OP removed its content.
- Oswald Boelcke
*********************
e
jastahooman said:
In developing...
Click to expand...
Click to collapse
interesting... looking forward to this
Wow! Waiting impatiently. Will that be bare-bones WM 6.5 or with Sense?
Looking forward to it
Nice, can you please send me kitchen, i also have a solution for the expired certificate problem so you can surf the web. You can extract them from Windows 7, 8 , 10 in the right format and then install with the Builtin certificate manager.
If someone can share them from Windows 10 in a supported format, cer does work maybe der, crt sstl but pem cant be read or converted to the other Formats without private Key.
HERE IS THE SHORT TUT AND FULL TUT LINK
Updating List of Trusted Root Certificates in Windows | Windows OS Hub
All Windows versions have a built-in feature for automatically updating root certificates from the Microsoft websites. MSFT, as part of the Microsoft Trusted Root Certificate Program, maintains and publishes a…
woshub.com
AND HOW TO GET ALL FRESH WIN10/WIN11 Certificates
certificates using the Sigcheck tool. This tool allows you to compare the list of certificates installed on the computer with the list of root certificates on the Microsoft website (you can download an offline file with up-to-date certificates authrootstl.cab).
You can manually transfer the root certificate file between Windows computers using the Export/Import options.
You can export any certificate to a .CER file by clicking on it and selecting All Tasks -> Export;
You can import this certificate on another computer using the option All Tasks -> Import.
Certutil: Download Trusted Root Certificates from Windows UpdateCertutil.exe CLI tool can be used to manage certificates (introduced in Windows 10, for Windows 7 is available as a separate update). It can be used to download an up-to-date list of root certificates from Windows Update and save it to an SST file.
To generate an SST file on a computer running Windows 10 or 11 and having direct access to the Internet, open the elevated command prompt and run the command:
certutil.exe -generateSSTFromWU C:\PS\roots.sst
Updated SST file.
CertUtil: -generateSSTFromWU command completed successfully.
Click to expand...
Click to collapse
You can visit archive.org after adding the certs uploaded in this post, from the Fileexplorer.
It ewould be nice if someone could start a certficiates megathreads,Contianing the ones used by Webbrowser other OSes etc to and the standard Windows Moible Root CAs.
Windows Mobile Root Certificates - Connectivity Analyzer
If the Microsoft Remote Connectivity Analyzer is unable to follow the certificate chain to the trusted root, then it displays the following error: "The security certificate on the server is not valid. Support code: 0x80072f0d."
docs.microsoft.com
Namely
Certificate Authority5.05.0 + MSFP6.0Thawte Server CAYesYesYesThawte Premium Server CAYesYesYesGTE CyberTrust RootYesYesYesGTE CyberTrust Global RootYesYesYesSecure Server Certification Authority (RSA)YesYesYesGlobalSign Root CAYesYesYesEntrust.net Secure Server Certification AuthorityYesYesYesEntrust.net Certification Authority (2048)YesYesYesVerisign Class 3 Public Primary Certification AuthorityYesYesYesVerisign Class 2 Public Primary Certification AuthorityYesYesYesEquifax Secure Certificate AuthorityYesYesYesValiCert Class 2 Policy Validation AuthorityNoYesYesAAA Certificate Services (Comodo CA Limited)NoNoYesAddTrust External CA RootNoNoYesBaltimore CyberTrust RootNoNoYesGo Daddy Class 2 Certification AuthorityNoNoYesStarfield Class 2 Certification AuthorityNoNoYes
There is also a new Windows Mobile build reuglary updated
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
You can find sysbuilders with searching for
Windows Embedded CE 6.0 R3or under its prerename
Windows Embedded Compact
docs.microsoft.com
There are several variants bu kernel seems to be same.
So maybe this helps.
There is also a new Windows Mobile Build and UPdate from 2016
Download Windows Embedded CE 6.0 Cumulative Product Update Rollup Package (through 12/31/2015) from Official Microsoft Download Center
www.microsoft.com
Windows Embedded Handheld
docs.microsoft.com