Root Certificates are used by web browsers to identify a trust with web sites. When root certificates expire, Windows usually auto-updates them (Vista and above) or deploys them through Microsoft Update (Windows XP). The Windows CE 5 operating system on the Wyse 3150 WinTerm (windows terminal) has no automatic way of updating them so they must be imported manually.
We had this situation arise when our remote users complained that they were unable to log on to one of our Citrix Servers. All they would get was an SSL Error 70 message when they tried to load the virtual desktop. Luckily, one of the more up to date terminals gave a more specific error, stating that one of the certificates, from GlobalSign, had expired. So my challenge became to get the latest one imported manually.
Step 1 – Get the latest certificate
Obtain the latest certificate from the provider or export it from a Windows XP computer
- I got the one for GlobalSign from their website
- Just copy and paste the text into a text file and save it as GlobalSignRootCA.cer
- This will need to be saved on an FTP server that can be reached from the WinTerms
Step 2 – Install the Certificate
- Log on to the WinTerm as the Administrator
- If you are doing this via VNC, use the Alt+F4 command during auto-logon to access the administrator logon
- Open the Control Panel from the link in the Start Menu
- You should find the Certificates add-on
- If the Certificates add-on isn’t there, you will need to install it
- Warning: After the new Add-on is installed you will need to restart the WinTerm
- Download the necessary Certificate Manager Addon from the Wyse Support website
- Extract the files and copy certsaddon.bin and params.ini to a folder on an FTP server
- Back on the WinTerm Control Panel, Open the Add-on applet and click Upgrade.
- Specify the FTP server where the add on files are saved.
- Warning: The upgrade will install all add-ons that it can find so make sure the folder doesn’t have anything else unwanted in it
- After you get the Upgrade Complete message, restart the WinTerm
- Open the Certificates Add on select “Trusted Authorities (Root)” from the Certificate Type list
- You can select any certificate and click the Details button to view the Valid Till date
- Note: You do not need to remove old certificates (in fact, it wouldn’t even let me!)
- Click the Import button
- Enter your FTP site information and click the Connect button
- After it has connected, type in the relevant filename and click Import File
- You will get an “Import Successful” message if it finds the file
- Close all of the windows and the new certificate will now be installed, no reboot required.