A. Adding Test Certificates to the Certificate Store and Devices
You need to add test certificates to the following:
Personal certificate store on the computer used to develop applications
Windows Mobile-based device
You add certificates to the device by using the RAPIConfig.exe application and a provisioning .xml file.
To add the certificates to the personal certificate store
For the privileged certificate, open Windows Explorer and double-click the TestCert_Privileged.pfx file located at C:/Program Files/Windows CE Tools/wce500/<platform>/Tools.
Click Next three times. A password is not associated with this certificate.
Confirm that Automatically select the certificate store based on the type of certificate is selected, and then click Next.
Click Finish.
For the unprivileged certificate, double-click the TestCert_UnPrivileged.pfx file located at C:/Program Files/Windows CE Tools/wce420/<platform>/Tools, and then repeat steps 2–4.
To add the certificates to the device
Connect the Windows Mobile-based device to the computer using ActiveSync.
Open a command prompt window, and change to the folder that contains the RAPIConfig.exe application and the sdktestcerts.xml file. The files are located at C:/Program Files/Windows CE Tools/wce500/<platform>/Tools.
At the command prompt, type RAPIConfig.exe /p sdktestcerts.xml, and then press ENTER.
B. Determining the Security Configuration of the Device
If the device security configuration requires signed binary files and the application binary files are unsigned, the application will not run. You can use provisioning XML and the SecurityPolicy Configuration Service Provider to determine the security configuration of the device.
C. Querying for Certificates Contained in the Device Certificate Store
If your application fails to install or run, it may be signed with a certificate that does not match any of the root certificates contained in the device certificate store. You can use provisioning XML and the CertificateStore Configuration Service Provider to determine which certificates are contained in the certificate store.
To query for certificates contained in the device certificate store
Create the provisioning XML document.
Save the XML document as an ASCII file.
Add the .xml file to an installation .cab file by doing the following:
Open a command prompt window and change to the C:/Program Files/Windows CE Tools/wce500/Windows Mobile 5.0 Pocket PC SDK/ folder for Pocket PC, or C:/Program Files/Windows CE Tools/wce500/Windows Mobile 5.0 Smartphone SDK/ folder for Smartphone.
Run the makecab.exe tool as follows:
For Windows Mobile-based Smartphones: makecab XML file name myprovxml.cab
For Windows Mobile-based Pocket PCs: makecab /D COMPRESS=OFF XML file name myprovxml.cab
Note /D COMPRESS=OFF turns off file compression, which Windows Mobile software for Pocket PCs requires.
Sign the .cab file using signtool.
D. Signing Applications for Testing and Distribution
You sign .cab and binary files using signtool.exe. This will enable you to certify and distribute the application through the Microsoft Mobile2Market program.
E. Importing and Exporting Test Certificates
a) Installing the PVK Digital Certificate Files Importer
You can use the PVK Digital Certificate File Importer tool for packaging import and export certificate files.
To download and install the PVK Digital Certificate Files Importer
Download the PvkImprt.exe setup program, located at PVK Digital Certificate Files Importer.
Double-click the file.
Follow the instructions on the screen.
You can also use the command line to install for the application. The following example shows the syntax for installing from the command line.
pvkimprt [option]
The following table shows the command line options for the installation.
| Option | Description |
| /Q | Quiet mode for the installation package |
| /T:<full path> | Specifies a temporary working folder |
| /C | When used with the /T option, extracted for folder specified |
| /C:<Cmd> | Overrides the install command defined by author |
b) Importing Digital Certificate Files into the Personal Certificate Store
You can import the digital certificate files (.cer or .spc file and a .pvk key pair file) into the personal certificate store on a computer by running PVK Digital Certificate Importer (PvkImprt.exe) with the -IMPORT option.
To import the digital certificate files into the Personal certificate store
Open a command prompt window.
Type PVKIMPRT -IMPORT and the full path of the .cer or .spc file and a .pvk file.
The following example shows the syntax for using PvkImport.exe to import the .cer or .spc file and a .pvk key pair file:
<full directory path/>PvkImprt -import <full directory path/><.spc or .cer file> ,<full directory path/><.pvk file>
In the following example, the TestCert_Privileged.cer and TestCert_Privileged.pvk files are imported:
C:/SDK/Tools/pvkimprt -import C:/SDK/Tools/TestCert_Privileged.cer C:/SDK/Tools/TestCert_Privileged.pvk
Click Next, and then select Place all certificates in the following store.
Click Finish.
The import was successful message displays.
To confirm that the import was successful, view the certificate in the personal certificate store.
c) Packaging Digital Certificate Files for Export
You can package digital certificate files (.cer or .spc and .pvk) in a .pfx file. A .pfx file is encrypted according to the PKCS #12 standard and a single password helps protect a .pfx file. Packaging enables you to back up the files and import them into the personal certificate store on another computer.
Run the PvkImprt tool from the directory you installed it in, or supply the complete path to the install directory.
To package digital certificate files in a .pfx file for export
Open a command prompt window.
Type PVKIMPRT -PFX and full path of the .cer or .spc file and a .pvk file.
The following example shows the syntax for packaging files in a .pfx file:
<Full directory path/>pvkimprt -PFX <Full directory path/><.cer or .spc file name> <Full directory path/><.pvk file name>
In the following example, the TestCert_Privileged.cer and TestCert_Privileged.pvk files are packaged in a .pfx file:
pvkimprt -PFX c:/SDK/Tools/TestCert_Privileged.cer c:/SDK/Tools/TestCert_Privileged.pvk
Click Next.
Select Yes, export the private key, and then click Next.
Select Enable strong protection, and then click Next.
Select Personal Information Exchange - PKCS#12 (.PFX).
Type the password you want to use to help protect the file, and then click Next.
Type the file name or click Browse to select the file, and then click Finish.
d) Viewing Certificates in the Personal Certificate Store
You can use Microsoft Internet Explorer to view certificates in the personal certificate store.
To view certificates using Internet Explorer
Open Internet Explorer.
On the Tools menu, click Internet Options.
Click the Content tab, and then click Certificates.
Click the Personal tab to view the certificates in the personal certificate store
You should have access rights to the private keys of all certificates in the personal certificate store. You can determine whether you have access rights to a private key by double-clicking a certificate to view the certificate information.
e) Troubleshooting the PVK Digital Certificate Files Importer
Due to a difference in default key lengths between Microsoft® Windows® Millennium, Microsoft® Windows® XP and other versions of Windows, the PvkImprt.exe tool may fail when used to import keys between Windows Millennium or Windows XP and other Windows platforms. You can solve this problem by doing the following:
Use PvkImprt.exe to export the .pvk and .spc or .cer files as type .pfx on a Windows platform that is the same as the one on which the keys were generated. For example, if the key pair was generated on a Windows Millennium or Windows XP computer, perform the .pfx export on a Windows Millennium or Windows XP computer.
Once the keys have been exported as type .pfx, they can be imported on any Windows platform using a certificate import tool. For example you could import the files by using the Certificate Import Wizard.
扫一扫
5365
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
