SSLChainSaver v2 released

Two years ago I released the first version of the SSLChainSaver tool. This tool helps you diagnose and repair SSL problems on Windows Mobile devices. After a very long delay, Version 2 is now up on the Microsoft download center. I wasn't able to release the source code this time. The usage instructions are similar to the previous version:

From a command prompt, run the tool.

> sslchainsaver mail.company.com

This creates a directory called mail.company.com containing all the certificates from the SSL chain. It also creates files called mail.company.com.wm5.xml and mail.company.com.wm6.xml, which can be installed over USB using rapiconfig or put in a CAB file for installation on the device.

New features:

  • Creates versions of the XML for Windows Mobile 5 and 6. The WM6 version of the XML should always install on WM6 devices: it installs certs to the user store, so the security policies on the device should never block it.
  • Tries to diagnose many common SSL problems - no root cert sent by the server, common name mismatch, wildcard certs w/ WM5 devices, etc.

Known Issues:

  • The tool needs to be able to write to the current directory in order to save the files. If you install to \Program Files on Vista and are not running an admin command prompt, it won't be able to write out the certs. Either install it to a directory where you have write access (like Documents) or run from an elevated command prompt.
  • The tool can detect a common name mismatch on the cert, but it doesn't parse the "SubjectAltNames" extension. If your certificates use SubjectAltNames, the tool will report a name mismatch even though the certs will work fine.
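To see why a check that reads only the common name raises that false alarm, here is an added example (not SSLChainSaver code, whose source is not published) that compares a CN-only check with one that also reads the DNS entries of the subject alternative name extension. The certificate dicts are constructed samples shaped like Python's `ssl.SSLSocket.getpeercert()` output, the function names are hypothetical, and the wildcard rule is a general one, not a model of WM5 behaviour.

```python
# Added example (not SSLChainSaver code): CN-only vs SAN-aware name check.
# Cert dicts are shaped like Python's ssl.SSLSocket.getpeercert() output.

def name_matches(pattern, host):
    """Compare a cert DNS name to host; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Assumption: require two fixed labels after the wildcard (rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def common_name(cert):
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def cn_only_match(cert, host):
    cn = common_name(cert)
    return cn is not None and name_matches(cn, host)

def san_aware_match(cert, host):
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:  # dNSName entries present: they decide, CN is ignored (RFC 6125)
        return any(name_matches(s, host) for s in sans)
    return cn_only_match(cert, host)

def diagnose(cert, host):
    cn_ok, san_ok = cn_only_match(cert, host), san_aware_match(cert, host)
    if cn_ok and san_ok:
        return "match"
    if san_ok:
        return "cn-mismatch-but-san-match"  # the false alarm described above
    if cn_ok:
        return "cn-match-but-san-mismatch"
    return "mismatch"

# Constructed sample certificates (not real ones).
SAN_CERT = {"subject": ((("commonName", "www.company.com"),),),
            "subjectAltName": (("DNS", "www.company.com"),
                               ("DNS", "mail.company.com"))}
WILDCARD_CERT = {"subject": ((("commonName", "*.company.com"),),)}

if __name__ == "__main__":
    print(diagnose(SAN_CERT, "mail.company.com"))
```

A result of `cn-mismatch-but-san-match` is the case where a reported name mismatch can be ignored; `mismatch` is a real one.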

Let me know here if you have any problems with it. I hope it helps you out.

Scott