Saturday, November 12, 2011

Windows Phone and HTTPS service calls


If you have been working with Windows Phone and trying to make HTTPS based calls to other services there are a couple things you will want to know. Since these HTTPS calls happen over a secure connection there are a few nuances you have to be aware of. Windows Phone is pretty touchy about HTTPS certificates. Normally on a web page you can just create a self-signed cert and either bypass the cert trust warning or install the cert in to the machines trusted CA list. However, Windows Phone does not have this flexibility. During development or test you probably are using a self-signed cert. If your Windows Phone app calls a HTTPS service using a self-signed cert you will get an error saying “service not found” or “remote server returned a error: not found.” This is because the call is causing a certificate error since the cert is not in the phones trusted cert tree. To solve this problem the emulator or device needs to install the certificate. To do this just navigate to the .cer file in the device or emulator’s browser and tell it to install the cert. This will then let your phone make calls to the HTTPS service. Once you do this it should solve your problem.

The other issue you may see in production is that the cert you bought and installed works fine in Windows but not when called by Windows Phone. For some reason the CA trust tree for Windows and Windows Phone are not the same. Make sure you buy a cert from a CA trust that is in both.

Here is the list to help you find one:

Windows Phone CA trust

Windows CA trust

If you install a cert that is in the Windows trust tree but not in Windows Phone the phone will still give you an error when trying to call the HTTPS service because it does not trust the cert protecting the service.

No comments: