Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Windows Phone 8 and HTTPS/SSL

I need to connect to a web service via HTTPS in my windows phone 8.0 app. It seems that there is no client SSL support from Microsoft about this issue.

I really need to know how to deal with certificates in WP8. What is the correct certificate? Which certificates need to be imported?

Scenario: I have a https endpoint: https://10.1.1.2 and when I connect there from my PC I am being prompted to view and install the certificate of the server. The certificate name "The Root CA" is being saved locally. The same certificate is installed in the mobile device w/o problems. When I open the https://10.1.1.2 from the mobile internet explorer it informs me that the web page is secure and I have to choose between close and continue the page. I am clicking continue and the https://10.1.1.2 transaction takes place. Every time I go to the same URL via the mobile internet explorer there is no warning to the end user regarding security.

According to Microsoft: In most cases, you do not have to do anything to enable this for your Windows Phone app with the exception of using an address that begins with the https:// protocol scheme. Windows Phone then examines the certificate that is returned by the web service, and if the certificate is from one of the trusted authorities listed in SSL root certificates for Windows Phone OS 7.1, the Windows Phone app platform then uses the certificate in conjunction with the web service to encrypt all further communication, including the exchange of the authentication credentials as described previously. Although you can install trusted certificates on the Windows Phone, in the current release, the Windows Phone app platform does not expose those certificates’ values to apps. As a result, in the current release, you cannot implement mutual authentication scenarios – scenarios in which the client sends its own certificates to the web service in addition to receiving one -- using certificates installed in the root store.

So, is this procedure OK? I cannot use one of the certificate authorities that Microsoft trusts by default. Do I need code?

like image 373
cateof Avatar asked Jun 16 '14 09:06

cateof


1 Answers

Self signed certificate cannot be used and it does not automatically fetch data without intervention.

like image 80
Sam Avatar answered Sep 28 '22 04:09

Sam