Re: How to deploy real cert in packaged .exe (VS 2005, .net cf 2.0 sp2, WM 5.0)


"NET CF Questions" <dotnetcfquestions@xxxxxxxxx> wrote in message
news:ca3f52e4-5bcc-4f5e-9371-9f52257165a0@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thank you so much for your help.
I'm sorry I'm so clueless here.
(This of course is always what clueless people say before they take up
even more of your time..)


I've asked many, many questions so it's only fair that I contribute
something back.



So I get a certificate from Verisign.


That's at least one option, but probably not the only one. It just happens
to be the only one that I know.


Do I also need to sign up for the M2M thing through Microsoft?


Fair question...I don't have the answer to that one as I didn't sign the
..exe for the mobile device I developed an app for. That's kinda why I asked
how many devices you were deploying this to. If it were only a couple then
some of this may not be worth the headache of trying to figure it out. I
developed an app for 1 device, so how far and creative I went with a setup
and deployment package was a no-brainer for me. I probably didn't do it the
Microsoft way, but hey...I had to get the project done and it works. :-)



Then I install it on my development computer?


Not really. There isn't really an installation package. They sent us an
..exe that does the signing, a cert and a key. I use the batch file that
calls on the .exe they sent us with the key, cert and the target .exe
as parameters. Their program calls their own timestmp server and verifies
your key and cert...and VIOLA!!! Your .exe is signed.


(I'm not the developer or a developer, I just look up issues for them
and bother kind usenet folks with my n00bish and incorrectly phrased
questions.. )


No prob. Nobody became an expert without asking some questions.



Am I then ready to package the app via Visual Studio?


You can run a batch file after you've built your project/solution or as part
of the post build events. There is a post build-events button on the
compile tab of your projects properties.


Is there something special I need to do during this process?


Not really. It's so simple you wouldn't believe it.



Or do I do the signing using the the tools they send me?


Whether you run a batch file or add this portion to the post build-events,
they'll both use the .exe, cert and key they sent you.



And about how long does the signing up, installing, etc. take before I
have a signed app?


I think it took a week or so to sign up. They have to verify your company
and who you are, yada, yada, yada. As soon as they send you the stuff, it
can take as little as 5 mintues to set it up and start signing files.



Is it still a case of having to pay for each .exe. or .dll etc that
needs signing?


Nope. You pay for a subscription from them. After your subscription is
up...they won't sign your files anymore. Ours lapsed by 3 days and it
wasn't pretty.
http://www.verisign.com/products-services/security-services/code-signing/digital-ids-code-signing/index.html

Or was that never the case for WM 5.0?


I'm unsure about signing files for mobile devices. You've tapped me for all
my knowledge on that subject.



I've read so much tonight that it's all just a scary blur to me right
now..


Been there...done that...




.

Loading