none
How to extend the win mobile development certificates's valid time?

    Question

  • Hi all,

    I am a win mobile software engineer. Now I am developmenting a software in win mobile 5/6 and it need to be signed by development certificate which is include in "Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates". But the certificate in "Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates" is valid from 11/5/2004 to 12/31/2009. So it has expired.
    Who does know how to get the new development certicicates or extend the valid time of it?

    Thanks
    Wednesday, January 06, 2010 5:18 AM

Answers

  • You need to create Your own cert and provision it during cab installation.
    Steps to achieve this:

    1) Create Your own cert according to this article (You'll find most tools in VS folder)

    2) Create wap-provisioning doc

    3) Sign Your app / service with Your own certificate

    4) Copy files to emulator and manually provision the device (through any valid app)

    5) Test if everything works.

    6) Create a new Setup.dll project (in C++) and apply this code:

    #include "stdafx.h"
    #include "ce_setup.h"
    #include "cfgmgrapi.h"
    
    BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
    {
        return TRUE;
    }
    
    codeINSTALL_INIT Install_Init(HWND hwndParent, BOOL fFirstCall, BOOL fPreviouslyInstalled, LPCTSTR pszInstallDir)
    {
    	LPWSTR wszOutput = NULL;
    	LPCWSTR provisioning = L"<?xml version=\"1.0\" encoding=\"utf-8\" ?>"
    						  L"<wap-provisioningdoc>"
    						  L"<characteristic type=\"CertificateStore\">"
    						  L"<characteristic type=\"Privileged Execution Trust Authorities\">"
    						  L"<characteristic type=\"[add here Your cert sh1]\">"
    L"<parm name=\"EncodedCertificate\" value=\"" // add here Your cert base 64 L"\" />" L"</characteristic></characteristic></characteristic>" L"<characteristic type=\"CertificateStore\">" L"<characteristic type=\"SPC\">" L"<characteristic type=\"[add here Your cert sh1]\">" L"<parm name=\"EncodedCertificate\" value=\"" // add here Your cert base 64 L"\" />" L"<parm name=\"Role\" value=\"254\" />" L"</characteristic></characteristic></characteristic>" L"</wap-provisioningdoc>"; HRESULT result = DMProcessConfigXML(provisioning, CFGFLAG_PROCESS, &wszOutput); delete [] wszOutput; return (result == S_OK) ? codeINSTALL_INIT_CONTINUE : codeINSTALL_INIT_CANCEL; } codeINSTALL_EXIT Install_Exit(HWND hwndParent, LPCTSTR pszInstallDir, WORD cFailedDirs, WORD cFailedFiles, WORD cFailedRegKeys, WORD cFailedRegVals, WORD cFailedShortcuts) { return codeINSTALL_EXIT_DONE; } codeUNINSTALL_INIT Uninstall_Init(HWND hwndParent, LPCTSTR pszInstallDir) { return codeUNINSTALL_INIT_CONTINUE; } codeUNINSTALL_EXIT Uninstall_Exit(HWND hwndParent) { return codeUNINSTALL_EXIT_DONE; }

    7) Create a cab with signed app files and setup.dll.

    8) Test cab on emulator as many times as You wish (remember to not to save an image to not to preserve previous provs)

    This code will automatically provision the device with proper certificate BEFORE the installation.
    It's very handy when used with services (You can also turn them on in setup.dll).

    PS. Open SSL for Windows can be obtained here.

    If You'll find my answer satisfactory or helpful - mark it as answered or vote for it! Thank You.
    If You think You know better then me, why is Your code not working, then don't waste my time at this forum. Otherwise - do as I'm suggesting.

    I'm on MSDN just like MD House in the clinic. But I'm also a human which sometimes needs to see another doctor :)
    • Proposed as answer by Mal Loth Wednesday, January 06, 2010 7:07 AM
    • Marked as answer by Lchen98 Wednesday, January 06, 2010 1:24 PM
    • Edited by Mal Loth Wednesday, January 06, 2010 5:35 PM
    Wednesday, January 06, 2010 7:06 AM
  • Mal Loth, thank you for your answer. I following the way that you tell me in the step 1 (this article ) and create my new test development certificate. Now the prolbem is solved. Thank you.
    • Marked as answer by Lchen98 Wednesday, January 06, 2010 1:23 PM
    Wednesday, January 06, 2010 1:23 PM

All replies

  • You need to create Your own cert and provision it during cab installation.
    Steps to achieve this:

    1) Create Your own cert according to this article (You'll find most tools in VS folder)

    2) Create wap-provisioning doc

    3) Sign Your app / service with Your own certificate

    4) Copy files to emulator and manually provision the device (through any valid app)

    5) Test if everything works.

    6) Create a new Setup.dll project (in C++) and apply this code:

    #include "stdafx.h"
    #include "ce_setup.h"
    #include "cfgmgrapi.h"
    
    BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
    {
        return TRUE;
    }
    
    codeINSTALL_INIT Install_Init(HWND hwndParent, BOOL fFirstCall, BOOL fPreviouslyInstalled, LPCTSTR pszInstallDir)
    {
    	LPWSTR wszOutput = NULL;
    	LPCWSTR provisioning = L"<?xml version=\"1.0\" encoding=\"utf-8\" ?>"
    						  L"<wap-provisioningdoc>"
    						  L"<characteristic type=\"CertificateStore\">"
    						  L"<characteristic type=\"Privileged Execution Trust Authorities\">"
    						  L"<characteristic type=\"[add here Your cert sh1]\">"
    L"<parm name=\"EncodedCertificate\" value=\"" // add here Your cert base 64 L"\" />" L"</characteristic></characteristic></characteristic>" L"<characteristic type=\"CertificateStore\">" L"<characteristic type=\"SPC\">" L"<characteristic type=\"[add here Your cert sh1]\">" L"<parm name=\"EncodedCertificate\" value=\"" // add here Your cert base 64 L"\" />" L"<parm name=\"Role\" value=\"254\" />" L"</characteristic></characteristic></characteristic>" L"</wap-provisioningdoc>"; HRESULT result = DMProcessConfigXML(provisioning, CFGFLAG_PROCESS, &wszOutput); delete [] wszOutput; return (result == S_OK) ? codeINSTALL_INIT_CONTINUE : codeINSTALL_INIT_CANCEL; } codeINSTALL_EXIT Install_Exit(HWND hwndParent, LPCTSTR pszInstallDir, WORD cFailedDirs, WORD cFailedFiles, WORD cFailedRegKeys, WORD cFailedRegVals, WORD cFailedShortcuts) { return codeINSTALL_EXIT_DONE; } codeUNINSTALL_INIT Uninstall_Init(HWND hwndParent, LPCTSTR pszInstallDir) { return codeUNINSTALL_INIT_CONTINUE; } codeUNINSTALL_EXIT Uninstall_Exit(HWND hwndParent) { return codeUNINSTALL_EXIT_DONE; }

    7) Create a cab with signed app files and setup.dll.

    8) Test cab on emulator as many times as You wish (remember to not to save an image to not to preserve previous provs)

    This code will automatically provision the device with proper certificate BEFORE the installation.
    It's very handy when used with services (You can also turn them on in setup.dll).

    PS. Open SSL for Windows can be obtained here.

    If You'll find my answer satisfactory or helpful - mark it as answered or vote for it! Thank You.
    If You think You know better then me, why is Your code not working, then don't waste my time at this forum. Otherwise - do as I'm suggesting.

    I'm on MSDN just like MD House in the clinic. But I'm also a human which sometimes needs to see another doctor :)
    • Proposed as answer by Mal Loth Wednesday, January 06, 2010 7:07 AM
    • Marked as answer by Lchen98 Wednesday, January 06, 2010 1:24 PM
    • Edited by Mal Loth Wednesday, January 06, 2010 5:35 PM
    Wednesday, January 06, 2010 7:06 AM
  • Mal Loth, thank you for your answer. I following the way that you tell me in the step 1 (this article ) and create my new test development certificate. Now the prolbem is solved. Thank you.
    • Marked as answer by Lchen98 Wednesday, January 06, 2010 1:23 PM
    Wednesday, January 06, 2010 1:23 PM