Re: How to deploy real cert in packaged .exe (VS 2005, .net cf 2.0 sp2, WM 5.0)

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

When I use the Security configuration manager, I see a "Microsoft
visual studio signing authority".

Is that not something i can use to prevent that warning message in an
application installed on a WM 5.0 device?


On May 21, 9:41 pm, NET CF Questions <dotnetcfquesti...@xxxxxxxxx>
wrote:
This is custom software for one client's WM 5 devices, not for open
resale.

We want to do it in a way that makes the "untrusted" prompt come up,
but don't need anything fancy.

On May 21, 9:23 pm, NET CF Questions <dotnetcfquesti...@xxxxxxxxx>
wrote:

This is probably a very silly question, but are there fees involved?
Is this something that will cost to do?

Is one scenario free?

I'm sorry, I really know nothing about this at all.

On May 21, 1:51 am, "Peter Foot" <feedb...@xxxxxxxxxxxxxxxxxxxx>
wrote:

To achieve no prompts on installation your package has to be signed with a
certificate already installed on the device. You have two options - sign
your app and cab file with a Mobile2Market certificate e.g. through
VeriSign, or create a cab file specifically to deploy your own
certificate(s) and have this signed with a Mobile2Market certificate - once
this has installed your own certificate correctly you can then deploy your
own application which is self signed.
The certificate vendors have been making the process easier, you can now
sign an entire cab file and all its contents in a single signing event,
previously each .exe and .dll within the cab would require its own signing
event.

Peter

--
Peter Foot
Microsoft Device Application Development MVP
peterfoot.net | appamundi.com | inthehand.com
APPA Mundi Ltd - Software Solutions for a Mobile World
In The Hand Ltd - .NET Components for Mobility

"Jin Chang" <jinsooch...@xxxxxxxxx> wrote in message

news:5e378545-f155-455d-bc51-15093fefe423@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On May 20, 2:59 pm, NET CF Questions <dotnetcfquesti...@xxxxxxxxx>
wrote:
We are developing an application for a Windows Mobile 5.0 device using
VS 2005, .net cf 2.0 and currently when we deploy it to the device for
testing we get the following error;
"The program is from an unknown publisher ...(etc)"

When we go to package this for real use (not test), what are the steps
we need to follow so this warning doesn't appear on the device?

I have seen the instructions
here:http://ce4all.blogspot.com/2007/04/siging-windows-mobile-application-...

but is that for the real environment or just the test environment?

What certs and signings do I need to include how (the steps in VS 2005
please) to do this for a real app?

I would like to bump this thread with an added question/issue.

First of all, there are plenty of information on the web and this
forum about certificates and code-signing, but the problem I'm facing
are the following:

1. Why is it so difficult to use chained certificate for code-signing
with WM devices? One of the source I ran across mentions that it's an
issue with WM 5 and 6. Can someone confirm this so that I might get a
more appropriate certificate?

2. How in the world can one sign a CAB file so that the certificate
is also deployed in one step without the "unknown publisher" message
being displayed? Is it a catch-22 situation where the certificate
must be installed before the CAB can be run without the warning?

I must have read at least 20 different sources on this topic and the
solution still eludes me. Why can't WM code-signing be as easy as
it's for normal PC's OS? Are there reasons why the Cert Vendors make
it so difficult or are WM devices not quite ready-for-prime-time for
these processes to be in place?

- Jin

.

Relevant Pages

  • Re: Windows cannot verify certificate of ClickOnce application
    ... a cert that's already going to be installed on the users machine. ... they click the Publisher hyperlink a warning is shown in the "Certificate" ... dialog with the warning "Windows does not have enough information to verify ... but by their intermediary "Code Signing CA" ...
    (microsoft.public.dotnet.framework.windowsforms)
  • Re: self-signing certificate
    ... saw that my self-signed certificate was under the ... Now warnings at all when opening with medium security set. ... And, if correct, why the warning? ...
    (microsoft.public.access.security)
  • Re: Programmatically Signing DLL
    ... Authenicode signing adds ~ 1 kbyte of data, it wouldn't be a big deal to ... > What kind of certificate do we need to buy to allow programmatic ... IE5+ can properly verify the validity of an Authenticode signature (build into ... As I mentioned before, the CAPICOM install is a no-brainer, fast install, no reboot ...
    (microsoft.public.security)
  • "Unknown Publisher" with kernel-mode driver signed with VeriSign c
    ... I am using a certificate from VeriSign but no WHQL certificate. ... VeriSign Class 3 Code Signing 2009-2 CA ... SHA1 hash: 599F2301A083500D52D0917CCCCC8FE86F8DF3B7 ...
    (microsoft.public.development.device.drivers)
  • Re: Programmatically Signing DLL
    ... key on it and sign a .DLL before it goes into production. ... > Dim Signer, SignedCode ... What kind of certificate do we need to buy to allow programmatic ... signing and validation of a DLL using VC++. ...
    (microsoft.public.security)