How do I configure WinCE to use wildcard SSL certificates?

Question

Our Windows CE 5.0 application has a problem with our wildcard SSL certificate (*.domain.com) - it won't accept it as valid.

I understand that Windows Mobile 6.0 has support for wildcard certificates (earlier versions don't) and that is built on WinCE 5 which suggests it should be possible to change WinCE 5 to accept wildcard certificates (EDIT - apparently this shows my limited understanding of the environment and isn't a valid presumption!).

Can anyone suggest how we go about this? The change needs to be programmatic so that we can roll it out to hundreds of existing clients.

Help!

Answer 1

Why would the fact that WinMo supports them suggest that CE 5.0 would? You need to understand that CE is a modular OS, with a large part of the platform written by the platform OEM. The platform OEM for WinMo is the WinMo team. The WinMo team has likely written the support themselves and added it to their platform, just like all of the UI elements in WinMo that don't exist in vanilla CE.

Historically Microsoft tends to pull at least some features from the WinMo platform into CE releases that come after (like aygshell for example, which appeared in PPC (based on CE 3.0 and 4.2) and only after they developed it was it included in generic CE (5.0).

It would be worth investigating to see if CE 6.0 supports wildcard certs, and if so looking at migrating your platform BSP. If it's not there, it's going to require that you write (or buy) the support and add it to your platform yourself.

Answer 2

This will accept all certs, modify as needed.

System.Net.ServicePointManager.CertificatePolicy = new TrustAllCertificatePolicy();

public class TrustAllCertificatePolicy : System.Net.ICertificatePolicy
{
    public TrustAllCertificatePolicy()
    { }

    public bool CheckValidationResult(ServicePoint sp, System.Security.Cryptography.X509Certificates.X509Certificate cert, WebRequest req, int problem)
    {
        return true;
    }
}