none
Need support for SSL certificates creation on Windows CE RRS feed

  • Question

  • Hi,

    Our Windows CE test setup requires certificates  with .cer and .pvk extensions.which version of openssl utility is used for generating these certificates. Also need support on openssl commands which are used for generation of these certificates (.cer & .pvk).

    Please provide info.

    Thanks,

    Harsha

    Wednesday, July 9, 2014 2:35 PM

All replies

  • You can create the certificate with makecert.exe. If you have VS you will have this in the installation folder. Once you've got your certificate made, find it in the certificate manager and export it twice; once as PKS #7 (p7b) with only the public key (you need to include this one in your Windows CE image), and the second will be as PKS #12 with the private key included.

    Make sure you have sysgen_certmod set in your kernel build and include the p7b file in your kernel (this is important, you can't later add it to the kernel, it has to be in ROM).

    The next steps depend on what you are trying to accomplish. Are you trying to sign executables so only those can be executed on the device, or is this for something else?


    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: http://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    http://guruce.com
    Consultancy, training and development services.

    Thursday, July 10, 2014 8:04 AM
    Moderator
  • Hi Michel,

    Thanks for the reply..

    My requirements is, i need to validate EAP-TLS authentication mechanism with Cisco ACS Radius server.

    I have created the Root certificate(.cer), Server certificates (.cer, .pvk and .pfx) and Client certificate  (.cer, .pvk and .pfx) with Makecert tool.

    Windows CE is accepting client certificates but when i have tried to install server certificate on  Cisco ACS server, it is throwing following error.

    "cannot get the private key from certificate.it's absent or not marked as exportable"

    I used following commands to create certificates:

    Root Certificate Creation :
    makecert -r -pe -n “CN=IgxCA” -sv “IgxCA.pvk” IgxCA.cer
    -r : Self-Signed
    -pe : Private Key Exportable
    -n: Common name
    -sv : Private key file
    Server /Client Certificate Creation :
    For .cer and .pvk formats :
    makecert -n “CN=IgxServer” -iv “IgxCA.pvk” -ic “IgxCA.cer” -pe -sv “IgxServer.pvk” IgxServer.cer
    -iv : Private key of Root Trusted CA for to sign the Server Certificate.
    -ic : Public key of Root Trusted CA for to sign the Server Certificate.

    and i used pvk2pfx tool to convert .pvk to .pfx format.

    Thanks,
    Harsha

    Thursday, July 10, 2014 1:22 PM
  • I'd say this is something for Cisco support...

    Good luck,

    Michel Verhagen, eMVP
    Check out my blog: http://guruce.com/blog

    GuruCE
    Microsoft Embedded Partner
    http://guruce.com
    Consultancy, training and development services.

    Thursday, July 10, 2014 9:39 PM
    Moderator