Re: How to deploy real cert in packaged .exe (VS 2005, .net cf 2.0 sp2, WM 5.0)

Thank you so much for your help.
I'm sorry I'm so clueless here.
(This of course is always what clueless people say before they take up
even more of your time..)

So I get a certificate from Verisign.
Do I also need to sign up for the M2M thing through Microsoft?

Then I install it on my development computer?
(I'm not the developer or a developer, I just look up issues for them
and bother kind usenet folks with my n00bish and incorrectly phrased
questions.. )

Am I then ready to package the app via Visual Studio?
Is there something special I need to do during this process?

Or do I do the signing using the the tools they send me?

And about how long does the signing up, installing, etc. take before I
have a signed app?

Is it still a case of having to pay for each .exe. or .dll etc that
needs signing?
Or was that never the case for WM 5.0?

I've read so much tonight that it's all just a scary blur to me right
now..

On May 21, 10:51 pm, "Hosmerica" <BigOneCom...@xxxxxxxxxxxxx> wrote:
"NET CF Questions" <dotnetcfquesti...@xxxxxxxxx> wrote in messagenews:295bb770-1936-4f43-96c5-f108565f0259@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx



On May 21, 10:41 pm, NET CF Questions <dotnetcfquesti...@xxxxxxxxx>
wrote:
It will be installed on 100 to 200 devices.

On May 21, 10:33 pm, "Hosmerica" <BigOneCom...@xxxxxxxxxxxxx> wrote:

"NET CF Questions" <dotnetcfquesti...@xxxxxxxxx> wrote in
messagenews:72ff1a3c-ecbd-4115-8bd4-8b7f34b93e4f@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

When I use the Security configuration manager, I see a "Microsoft
visual studio signing authority".

Is that not something i can use to prevent that warning message in an
application installed on a WM 5.0 device?

How many devices are you installing it on?

I have been reading this;
http://blogs.msdn.com/windowsmobile/archive/2005/12/17/security_model...

and it seems impossible that it's that hard.

Do we really need to get some kind of account, pay for a certificate,
upload my software, have it "signed", then have something that will no
longer work if modified?

(Am i just reading it incorrectly?)
What happens if we do a bug fix and alter the install?
Would we need to pay and upload and get it resigned over and over?

Sorry to be so slow here, it's just seeming to confuse me.

I've used certificates for signing from Verisign. The way it works for
those projects is I have an executable(sent from Verisign) , a certificate
and a key. I run a batch file that calls Verisign's timestmp server sending
them credentials of my certificate and key, and signs the targeted
executable everytime I finish building (I have build events set to sign
after the output has changed). I'm not sure it would be different for your
situation, but I wouldn't think you'd have to send them your file to get it
signed, rather I think they'd send you the tools to do it yourself. Thus,
if you had a bug fix and needed an update package or fresh install then
you'd be able to do so anytime until your subscription with them runs out.
This is, of course, using Verisign as opposed to others.




.

Relevant Pages

  • Re: Programmatically Signing DLL
    ... Authenicode signing adds ~ 1 kbyte of data, it wouldn't be a big deal to ... > What kind of certificate do we need to buy to allow programmatic ... IE5+ can properly verify the validity of an Authenticode signature (build into ... As I mentioned before, the CAPICOM install is a no-brainer, fast install, no reboot ...
    (microsoft.public.security)
  • RE: ssl verisign certificate
    ... | I'm trying to install a VeriSign Certificate. ... are pointing to the public key that verisign has provided. ... must change this format to a .cer extension. ... After you change the format then you may want to try to install the ...
    (microsoft.public.inetserver.iis.security)
  • Re: WSE 2.0 security problem
    ... tracing in the web.config so I could see the SOAP responses. ... > Are you sure that you are signing the message? ... but I see nothing that loads a digital certificate (is ... >> Is there something else I need to install on other machines to get my WSE ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: signers certificate is not valid for signing (VS2008 windows forms)
    ... to install a certificate? ... Yes, but with a cert they can trust your company if they want, preventing ... its not a 'real' certificate? ... Apparently I am being coerced into digitally signing applications. ...
    (microsoft.public.dotnet.general)
  • Re: Signing corporate applications
    ... signing the autorun.exe with a "commercial" certificate. ... with an ACS certificate such as the one Verisign sells. ... Unpriviledged Certificate Store *and* the Software Certificate store ...
    (microsoft.public.pocketpc.developer)