Chris De Herrera's Windows CE Website

About
Discuss.Pocket PC FAQ Forum

Add Pocket PC FAQ to your Favorites
RSS    RSS Feeds
Wiki    Lost?
Custom Search
Subscribe    Print
Miscellaneous
Table of Contents
Mobile Format
News

[an error occurred while processing this directive]


 
Pocket PC Magazine Best Site

Website Awards
Website Updates

By Chris De Herrera 
Copyright 1998-2007
 All Rights Reserved
A member of the Talksites Family of Websites

Windows and Windows CE are trademarks of Microsoft
Corporation
and are used
under license from owner.
CEWindows.NET is not
associated with Microsoft 
Corporation.

All Trademarks are owned
by their respective companies.

Digital Certificates FAQ
By Chris De Herrera, Copyright 2006-2007
 Version 1.04  Revised 11/5/2007

[an error occurred while processing this directive]

Introduction

One of the common enterprise users experience is installing a digital certificate.  Digital Certificates are used to encrypt SSL connections to websites and to allow you to use Exchange ActiveSync. Most websites uses digital certificates from vendors that have root digital certificates installed on the Pocket PC or Smartphone.  In most companies they use locally signed certificates.  This article explains how to install digital certificates on your Smartphone or Pocket PC.

Supported Digital Certificates Formats and Types

Windows Mobile 2003, 2003 Second Edition, 5.0 and Pocket PC 2002 and Smartphone 2002 supports the importation of digital certificates in DER format.  I have been unable to import digital certificates in BASE64 or PKCS7 format.  If you have a PKCS12 certificate you will need to use a special program to import the personal and root certificates.  Also, digital certificates which support wildcards for hosts are not supported.  You will be able to import the wildcard enabled certificates however the device will not be able to use them.  The digital certificates need to have the extension of .CER.  With Windows Mobile 6 and 6.1, you can now import CER, P7B and PFX format digital certificates.   Also, Windows Mobile 6 and 6,1 supports wildcard enabled digital certificates.

Where to Get Digital Certificates

There are multiple ways to extract the digital certificate from the web server that is providing web access to Exchange. You can contact the network administrator and ask him or her to extract the .CER file so you can install it on your device. If you don�t have access to the server you can still extract the certificate using a Windows XP PC by visiting the Outlook Web Access website and right clicking a blank portion of the web page. Then click on the Properties. Then click on Certificates, click on the Details tab and then click on the button to Copy to File. Then follow the prompts to extract the file. Make sure you select the DER format for the certificate.

Where Digital Certificates are Stored

Pocket PCs and Smartphones store digital certificates in the registry.  With Windows Mobile 5.0 and prior devices the digital certificates are stored in Hkey local machine.  Hkey local machine is usually protected from being modified by the user by the OEM where a special program is required to install the digital certificate.  With Windows Mobile 6 and 6,1, the digital certificates are stored in Hkey Current User which does not require a signed program to install them.

You can see the installed digital certificates in Start - Settings - System - Digital Certificates.  With Windows Mobile 5.0 and prior devices you will see tabs for root certificates and local certificates.  With Windows Mobile 6, you will see tabs for root certificates, intermediate certificates and local certificates.  When you view the certificates, you can delete them by using click and hold on the name of the certificate and selecting the option to delete them in the drop down menu.

Utilities to Install Digital Certificates

If you have a Pocket PC 2002 you need a special program to install a digital certificates.  See the Add Root Certificate - Pocket PC 2002. To install a PKCS12 certificate see Pocket PC 2003 Personal Certificate Import Utility or Windows Mobile 5.0 Personal Certificate Import Utility. If your Pocket PC or Smartphone is from Sprint or Verizon you need a specially signed utility to install digital certificates on your device.  For Sprint Windows Mobile 2003 Smartphones, Sprint iDEN Windows Mobile 2003 Smartphones, Verizon Windows Mobile 2002 and 2003 Smartphones.  Also, HP has their own utility to import digital certificates for iPAQs as well.  With Windows Mobile 6 and 6.1, you no longer need a special program to import the digital certificates.

Installing Digital Certificates

If you do not need to install a special utility listed above, all you need to do is copy the .CER file from your PC to your Pocket PC. You can use ActiveSync to copy the file using File - Explore in ActiveSync while you synchronize.  Also, you can copy the .CER file to a flash card and insert it in your Pocket PC or Smartphone.  Once you have copied the .CER file to the device, you need to use File Explorer to navigate to the location where the file is copied.  Then click on the file to begin the installation.  The device will ask you if you want to install it.  Answer YES to install the certificate.  If you have to use a utility listed above to install the certificate, run the program and follow the instructions to install the certificate.

Please note that the StartCom Free SSL certificates are not supported by default. I suggest that you install the cert on your Windows Mobile device as well as your server.

[an error occurred while processing this directive]

Return to Chris De Herrera's Windows CE Website