probably you're using a self-signed certificate on the server so you need to include your certificate in the configuration of your application.
On windows mobile this can be done using a custom config.xml configuration. If you're using the shared runtime in an Hybrid app you need to use the <cafile> tag in you configuration.
If you're building a native app you can add a custom config.xml file to your project:
Than you can include the information of your own self signed certificate following the instructions on how to setup the <cafile> tag:The CaFile must be set in the config.xml file (located in the second Navigation section). This is the location of the cert on the device. The below points to the mycert.pem located in the root of the sd card. cert must be in .pem format.
<CaFile value="file:///mycert.pem" />
Below are the Cipher’s that we support.
A file of CA certificates in PEM format. See http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html. This is only supported on the ET1
Local File name on the device.
A directory containing CA certificates in PEM format (one certificate per file). The OpenSSL c_rehash utility must be used to generate appropriately named links to the certificate files. Seehttp://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html for more information.
Local File path on the device.
Verify the server certificate against the internal certificates. It is strongly recommended not to set this to 0 in deployment situations, but it can be useful during development. A value of 0 is equivalent to automatically clicking 'OK' on a web browser's dialog querying an untrusted certificate. If unspecified this option will default to 1.
thank you, for your answer. Is the CaFile parameter supported on MC55? I found the remark, that CaFile is only supported on the ET1.
there's an issue in the RhoMobile Suite v.2.2SP1 that does not allow to use this functionality, as listed in the release notes:
Known Issues with RhoElements Applications Using Motorola WebKit
- Applications wishing to access any Secure site should disable the 'VerifyPeerCertificates' configuration option.
when will be this fixed?
Hi Pieto, do you know if the Verify Peer issue has been resolved in Rho Elements 4.x for Windows Mobile Devices? I am experiencing issues using Customer supplied certs to access a ssl siteminder login server. Windows Native Browesr can get there by either confirming the cert via dialog or installing the certs in the cert store.
I have case 3022207 open.
- The customer Certificates are all 2048 bit. Support is checking with dev to see if 2048 is supported.
- Trying to test on Android. Initial connection to the secure page did not work in Android either.
- The rholog shows a line in a Rho program where the navigation errors out. Can we get a debug build to tell us what the error is in line 512 or RhoWKBowserEngine.cpp. Possible root causes
- I think either we have a syntax error in config.xml
- Rho 4.x does not support
- Certificates are 2048 and need to be 1024
- Can we get any kind of debug to help tell us what is going on on Windows Mobile when the VerifyPeerCertifcates are set to 1?
If you have any thoughts or suggestions, please let me know.
I used tested in the past sel-signed certificates on Android and it worked for me with code from Rhodes 3.5-stable from github, fix was committed last year in April:
Given that the code is still there in master branch I think that it works even for v4.x. You can take a look at the source code to understand what Rhodes looks for in the configuration file.
Regarding Windows Mobile, that's not included in the open source Rhodes version and working through support is your best option.
The issue was solved with the help of support. The resolution was as follows:
The solution was to combine the three customer required PEM certs into one file and setting the config.xml to a value of <CaFile VALUE="%INSTALLDIR%\Certs\ComboCert.pem"/>.
cert 1 binary data
cert 2 binary data
cert 3 binary data