Re: Need a second privileged root certificate for WM5 device

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Scott Yost [MSFT]" <scyost@xxxxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Mar 2006 13:23:36 -0800

The "ROOT" store on the device is entirely concerned with SSL connections and things like that.
The Privileged/Unprivileged and SPC stores are the ones that deal with code execution, and they do not care if the cert is a self-signed root or not.

--
Scott Yost
Software Development Engineer/Test
Microsoft Corp.

This posting is provided "AS IS" with no warranties, and confers no rights.

"John Nossluap" <noadress@xxxxxxxxxxxx> wrote in message news:%23T6dRinTGHA.5468@xxxxxxxxxxxxxxxxxxxxxxx

Lao K wrote:
The certificate itself does not matter. What matters is where the
certificate is stored. If you put a certificate into "Privileged
Execution Trust Authorities", sign your code using the certificate,
then you code is privileged-signed.

I see, I thought these certificates were _root_ certificates, either of the type privileged or unprivileged. But in reality they have nothing to do with the root store of the device, just the Privileged/Unprivileged
Execution Trust Authorities stores?

Can you still use makecert.exe från the 2003/CE420 SDK to create these certificates and target them to these stores?

I have found that lots of people are confused here, and Microsoft's
documentation in this aspect is not the clearest. I plan to write a
series of articles in my blog "Windows Mobile Pocket PC Smartphone
Programming" (http://windowsmobilepro.blogspot.com/). Do you have any
suggestion on the topics?

Go for it! I'm sure it'll be very appreciated among developers and technicians. Microsofts (especially beginning with WM5) documentation is OK but often a bit overwhelming when you're in a hurry trying to understand a new area.

References:
- Need a second privileged root certificate for WM5 device
  - From: John Nossluap
- Re: Need a second privileged root certificate for WM5 device
  - From: Lao K
- Re: Need a second privileged root certificate for WM5 device
  - From: John Nossluap

Prev by Date: Re: queries on PDA application development
Next by Date: WM_GETTEXT not getting all charecters
Previous by thread: Re: Need a second privileged root certificate for WM5 device
Next by thread: RegOpenKeyEx error on WM2005
Index(es):
- Date
- Thread

Relevant Pages

CryptoAPI / Certificate chain install question..
... And I want to install various certificates in appropriate certificate stores (Personal, Intermediate CAs, Trusted Root CAs). ... First option I was thinking was to build a chain using CertGetCertificateChain function and then distribute the certs to appropriate stores since they would arranged from the leaf to the root. ...
(microsoft.public.platformsdk.security)
Re: Need a second privileged root certificate for WM5 device
... If you put a certificate into "Privileged ... Execution Trust Authorities stores? ... Microsofts documentation is OK but often a bit overwhelming when you're in a hurry trying to understand a new area. ...
(microsoft.public.pocketpc.developer)
Re: Cert Stores
... ROOT - Trusted Root Certification Authorities ... TrustedPublisher - TrustedPublisher ... >>> I am confused as to what stores are predefined. ...
(microsoft.public.platformsdk.security)
Re: Cert Stores
... > read that there are the MY, ROOT, TRUST and CA stores. ... > in mmc, I see none of the above (there is Personal, ... > Trusted Root CA, Trusted People, etc). ...
(microsoft.public.platformsdk.security)
Cert Stores
... I am confused as to what stores are predefined. ... read that there are the MY, ROOT, TRUST and CA stores. ... Trusted Root CA, Trusted People, etc). ...
(microsoft.public.platformsdk.security)