SDK certificate after Dec. 31

  • Question

  • It appears that Sample Privileged certificate for Windows Mobile SDK 6 will expire on Dec 31st. Is there an updated certificate that can be used for development and testing purposes after current certificate expires in a couple of weeks?
    Wednesday, December 2, 2009 6:54 PM


All replies

  • You can purchase one, most likely through the same entity from which you got the sample. I've not looked at the pricing in a while but the last time I checked certificates from trusted root authorities were around 400 USD.

    It takes all the running you can do to stay in one place. If you want to get somewhere else, you must try to run at least twice as fast as that.
    Wednesday, December 2, 2009 8:46 PM
  • Hey, one of my development guys just noticed the Sample Privileged Developer cert from the WinMo 6 SDK is getting ready to expire (12/31/09)!  Is there a new one we should download?
    Wednesday, December 30, 2009 5:04 PM
  • In the C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates

    All of them expired today! 12/31/2009. We use the SampleUnprivDeveloper certificate and the certs.cab to sign our cab files for our development environment. Then when we go to production we use Geotrust mobile2market signing. This is all according to the MSDN documentation on the proper course of developing for Windows Mobile.

    Does Microsoft have new ones available? If not is there an article that I can use to guide me in creating my own (including a cab file that will install them on our test device) that would properly mimic the restricted behavior I get when I am signed under the Unprivileged Development model on a real device?

    I am sure I can create a .pfx and .cer. I know that is possible. But I am concerned that I won't be getting the same behavior that a mobile2market certificate would be giving me in a production environment.

    Also, how would I go about creating a nice auto install cab if I had to create my own? Has Microsoft released new ones yet? If not, why not?
    Thursday, December 31, 2009 7:33 PM
  • Yep.  It's 12/31.  Did Microsoft release new ones somewhere?
    Thursday, December 31, 2009 9:39 PM
  • The entity that gave the sample is Microsoft, and the certificate is part of the Windows Mobile SDK.

    Thursday, December 31, 2009 9:41 PM
  • I have not found updated certificates.  

    I alerted them in May and was informed by Mike Saffitz that they're aware of it, and investigating the issue.
    Thursday, December 31, 2009 9:46 PM
  • Yes, we encountered the same problem over here... a nice way to begin our year.

    We found a workaround, and that is to create our own debug certificates. Quite a tedious job. The problem is that when a CAB file is signed with our new certificates, you're asked for a confirmation during the installation, stating that the CAB is from an "Unknown Publisher". It looks as though our certificate issuer is not in the device's CA Trust list. This does not happen with a CAB file signed with the Microsoft certificates that come in their SDK, so I hope Microsoft updates their certificates soon.

    Information can be found here:


    Due to the nature of our project, we also had to create Unprivileged certificates (role = 16)


    Saturday, January 2, 2010 7:14 PM
  • I need to sign code I'm testing with these but no go.  Is there an update to these somewhere?  I've searched around but no luck, but probably not a surprise since it is 1/3/2010.  Still though...I need new certs.  Thx.
    Monday, January 4, 2010 6:42 AM
  • issue should be resolved and developer should be updated as soon as possible.

    Monday, January 4, 2010 6:59 AM
  • Oops, add me to the list.  Posted the same question a little while ago in the managed code section.  We need new sample test certs, I don't really want to go buy yet another certificate for $xxx....  Thx.
    Monday, January 4, 2010 8:33 AM
  • Hi expert,

    We use SamplePrivDeveloper.cer to sign our plug-ins for internal test, but this file expired on 2009/12/31 and now our code cannot build. Is there a way to fix this problem?

    Monday, January 4, 2010 8:37 AM
  • bump
    Monday, January 4, 2010 7:02 PM
  • If you wish you can download from rapid-share the certificates that I created for my company... I did use the codeproject instructions (code project only had the Priv ones).

    I have created Unpriv and Priv...

    Go here http://rapidshare.com/files/330412049/Vandelay_Certs.zip.html

    FYI - If people find this helpful please download and put on a different mirror... Rapidshare will only allow ten downloads.

    I do get the Unknown publisher the first time I install (after installing my VandelayCerts.cab on the mobile device of course). But after that we are not getting it. This seems ok as the first time the user needs to install from the browser for our app anyway (after that we do an auto-update using the .cab in a silent install that can't have the unknown publisher prompt, because the user can't see it).

    At the very least this should get everyone's Automated build up and going for now (if you have one like we do).

    Also, for the desktop make sure you install the .cer and pfx pair in their proper locations:

    Eg: VandelayUnprivDevRoot.cer in the: Trusted root certificate authorities.

    and the VandelayUnprivDev.pfx in the Personal store.

    Like some said before this might not be a perfect representation of the Microsoft Windows Mobile SDK certificates. But they should be close enough for now (until Microsoft comes out with theirs). Remember the unknown publisher prompt is just one of the reasons you want to be signed under the "Unprivileged" or "Privileged" certificate(s). From my quick tests my Vandelay certs appear to give me Unpriv developer rights.

    Any questions just ask!
    Monday, January 4, 2010 10:56 PM
  • FYI mods Joel Ivory Johnson "Answer" is not the answer we are looking for, can this be set as unanswered?
    Monday, January 4, 2010 10:58 PM
  • Hi Brian,

    It Worked Fine for me!! Thanks a lot for posting it on Rapidshare. I have created a mirror-Link.


    Download if you find the Rapidshare link is expired.

    PS: Until MS comes back with renewed Certificates, this should be the solution.
    Pradeep Reddy
    Tuesday, January 5, 2010 6:32 AM
  • Hi!

    I am developing an application using phoneime of Visual Studio 2005.

    On 01/01/2010, when I tried to compile the program, I found a signing tool error in the output window. When I checked the project properties, I found a dialog box showing certificate information. There, along with other details, I found

    "This certificate has expired or is not yet valid. Valid from: 11/4/2004 to 12/31/2009"

    The following are the references which I used to sort out the problem.


    When I tried to install the certified cab file on the emulator, I noticed an error message and ended up with a failed installation.

    " Installation was unsuccessful.The program or setting cannot be installed because it doesnot have sufficient system permission."

    Kindly help me out.

    • Merged by ZHE ZHAO Thursday, January 7, 2010 3:51 AM
    Tuesday, January 5, 2010 1:17 PM
  • There's another thread about the expired certificate.  There is no real solution but a suggested temporary fix.

    Tuesday, January 5, 2010 3:23 PM
  • Agree with Brian here, this should only be marked solved after MS supplies new certs.
    Tuesday, January 5, 2010 3:23 PM
  • Agreed. Microsoft provided the common, shared SDK Certs and it's up to them to provide replacements.  If someone from MSFT would like to weigh in on this matter it would be appreciated.  

    Microsoft, you're taking a leak on the Windows Mobile Developer community - isn't that supposed to matter?

    Tuesday, January 5, 2010 10:56 PM
  • I've solved that one here.
    If You'll find my answer satisfactory or helpful - mark it as answered or vote for it! Thank You.
    If You think You know better than me, why is Your code not working, then don't waste my time at this forum. Otherwise - do as I'm suggesting.

    I'm on MSDN just like MD House in the clinic. But I'm also a human which sometimes needs to see another doctor :)
    • Proposed as answer by Mal Loth Wednesday, January 6, 2010 7:11 AM
    Wednesday, January 6, 2010 7:10 AM
  • FYI. The issue will be addressed in the next SDK update in the near future. Besides the workarounds mentioned in this thread, you can also temporarily change the date of the development PC and the devices backward (make sure it's before 12/31/2009).
    Please mark the post that helps you, and unmark that does not. This benefits our community.
    Thursday, January 7, 2010 8:05 AM
  • For Community archiving purposes: Test Certificates have been made available by the Windows Mobile Product Group at http://windowsteamblog.com/blogs/wmdev/archive/2010/01/12/new-windows-mobile-developer-certificates.aspx.

    Also, since I was missing the Certs.xml and the Certs.cab (used by "testers", not by "developers", so they couldn't rely on Visual Studio to automatically provision the target device), I just created them by using the usual procedure and made them available on http://blogs.msdn.com/raffael/archive/2010/01/15/windows-mobile-6-sdk-test-only-certificates-new-cab-and-xml-provisioning.aspx. I hope I helped "testers\developers" saving some time...



    This posting is provided 'as is' with no warranties and confers no rights.
    Friday, January 15, 2010 4:35 PM
  • Hello Raffaele Limosani [MSFT] ,
    After downloading new developer certificates and Certs.xml and Certs.Cab and placing these files to "C:\Program Files\Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates".
    When I'm trying to build my test app with this certificate I'm getting an error and signing failed. Details of the error are given below:
    1>Authenticode signing project output...
    1>Done Adding Additional Store
    1>Number of errors: 1
    1>SignTool Error: ISignedCode::Sign returned error: 0x800B010A
    1> An internal certificate chaining error has occurred.
    1>SignTool Error: An error occurred while attempting to sign: d:\WorkSpace\Rough\SdkCertsTest\SdkCertsTest\Windows Mobile 6 Professional SDK (ARMV4I)\Debug\SdkCertsTest.exe
    1>Build log was saved at "file://d:\WorkSpace\Rough\SdkCertsTest\SdkCertsTest\Windows Mobile 6 Professional SDK (ARMV4I)\Debug\BuildLog.htm"
    1>SdkCertsTest - 2 error(s), 0 warning(s)

    Could you please tell me which step(s) I'm missing?
    Thanks in advance....
    Saturday, January 16, 2010 6:35 AM
  • Hi Umesh, we should troubleshoot this issue offline - pls contact me via my blog at http://blogs.msdn.com/raffael/contact.aspx, hopefully it'll be a quick issue to address, otherwise you can always rely on Technical Support through a Service Request. Pls send details, such as the precise list of steps you followed.

    Monday, January 18, 2010 10:30 AM
  • Hi Umesh, I've tried to reproduce the issue and was partially able - by importing certificates in stores other than the Personal (on the development PC) - then was able to address it by removing the SDK Certs in every store, and importing (through VS2008) only the 2 .PFX files in the Personal store. My suggestion for you is to open the Certificates console on the PC (Start\Run... <certmgr.msc>) and use this to remove all the occurrences of the "TEST USE ONLY - Sample... - Windows Mobile SDK" that can be under every store (check specifically the Personal\Certificates, Trusted Root Certification Authorities\Certificates, Other People\Certificates). Once doing that, just use VS2008 to import the newly created sdksampleprivdeveloper.PFX and sdksampleunprivdeveloper.PFX (only the .PFX files) into the Personal store. Should this not address the problem, you may either start a new forum-thread or feel free to ping me offline.



    Monday, January 18, 2010 1:06 PM
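
The store cleanup described in the reply above can be checked from PowerShell before and after working in certmgr.msc. This is an added example, not part of the original post or of the SDK; the function name is hypothetical, and the subject match strings are an assumption taken from the certificate name quoted in the post.

```powershell
# Added example (not from the thread): list Windows Mobile SDK test certificates
# in every CurrentUser store and flag copies that do not match the layout the
# reply describes (only the imported .PFX certificates, in the Personal store).
# Assumption: each certificate's Subject contains both strings below, taken from
# the name quoted in the post ("TEST USE ONLY - Sample... - Windows Mobile SDK").

function Find-WmSdkTestCert {    # hypothetical helper name
    param(
        [string]$Root = 'Cert:\CurrentUser',
        [datetime]$AsOf = (Get-Date)
    )

    Get-ChildItem -Path $Root -Recurse |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Subject -like '*TEST USE ONLY*' -and
            $_.Subject -like '*Windows Mobile SDK*'
        } |
        ForEach-Object {
            # PSParentPath ends in the store name: My = Personal, Root = Trusted Root
            # Certification Authorities, AddressBook = Other People.
            $store   = ($_.PSParentPath -split '\\')[-1]
            $expired = $_.NotAfter -lt $AsOf

            # Signing needs the private key, which only an imported .PFX carries.
            $action = if ($expired) {
                'remove: expired'
            } elseif ($store -ne 'My') {
                'unexpected: outside Personal store'
            } elseif (-not $_.HasPrivateKey) {
                'unexpected: no private key, re-import the .PFX'
            } else {
                'keep'
            }

            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                NotAfter   = $_.NotAfter
                PrivateKey = $_.HasPrivateKey
                Thumbprint = $_.Thumbprint
                Action     = $action
            }
        }
}

Find-WmSdkTestCert | Sort-Object Store, NotAfter | Format-Table -AutoSize -Wrap
```

After the cleanup and re-import, only rows in the `My` store with `PrivateKey` set to `True` should remain.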
  • hi raffaele,

    I have received the similar error (the one by Umesh). After replacing old certificates with newer, in "Windows Mobile 6 SDK\Tools\Security\SDK Development Certificates", when I used it in my app, it gives an error "ISignedCode::Sign returned error: 0x800B010A SignTool Error".
    Thursday, January 28, 2010 12:35 PM
  • hello all,

    I have a WinCE MFC application; it was giving the error "ISignedCode::Sign returned error: 0x800B010A SignTool Error".
    From the MSDN forums I came to know that the SDK certificates expired on 31 Dec 09, hence I downloaded the new certificates, but after using the newer certificates the same problem still persists.
    • Merged by warrentang Monday, February 1, 2010 6:02 AM
    Thursday, January 28, 2010 1:28 PM
  • Hi! That's the same problem reported by Umesh above, that I could partially reproduce on a PC and that I could address by using the steps I already mentioned: have you already tried to clean up the stores from any possibly unexpected certificate on them, by using certmgr.msc? The idea is to remove every certificate that may be related to WM SDK Test and then enroll the PFX files into the Personal store.


    Thursday, January 28, 2010 2:56 PM
  • Hello,

    I downloaded the new SDK certificates and was able to build my cab file.

    When I went to run the cab file on the WM 6.0 Standard emulator it would not run.

    I then downloaded NewCerts.cab and NewCerts.xml and copied them to the emulator.  I ran the cab file and received an error message

    "Installation was unsuccessful.  The program or setting cannot be installed because it does not have sufficient system permissions".

    So at the moment I am able to get past the previous cabsigntool errors and build a cab that appears to be signed.  I just cannot run it on any standard devices.
    Wednesday, February 10, 2010 12:03 AM
  • This is due to the default security configuration of the WM6 Standard Emulators, which reflects the usual configuration chosen by OEMs or Mobile Operators ("2-tier locked" or "2-tier prompt") on real devices: a security policy of that configuration prevents unsigned CABs from running. And the previous SDK Certificates were already provisioned in-ROM on the emulator (that's why you could use it directly).

    You can provision an emulator with the required configuration for example by using the "Security Configuration Manager" that is part of the WM6 SDK (firstly install "C:\Program Files\Windows Mobile 6 SDK\Tools\Security\Security Powertoy\SecCfgMgr.msi") - note that you need to "cradle" the emulator. For example, you can provision the WM6 Standard emulator to "One-Tier Prompt" and at that point when installing the unsigned NewCerts.cab it'll ask if you really want to do it.



    Wednesday, February 10, 2010 10:39 AM
  • Thanks for the response.  What about the devices we test with.  Can we use the same approach to program them to use the "One Tier Prompt"?
    Wednesday, February 10, 2010 2:22 PM
  • For real devices, if the OEM's Security Configuration had allowed you to install the previous SDK Certificates then it's absolutely the same for the new ones. And once you are able to install the SDK Test Certificates then for testing purposes you can also provision the device's security configuration: you can find sample XMLs for example under C:\Program Files (x86)\Windows Mobile 6 SDK\Tools\PocketPC\Security\Security Configuration (note that related .CPFs are signed with the expired SDK Certs). Should you have troubles on this, I'd suggest starting a new forum-thread.


    Thursday, February 11, 2010 9:26 AM
  • New certificates (valid from 1/9/2010 to 12/31/2015) are available in Windows Mobile 6.5.3 Developer Tool Kit.

    • Marked as answer by warrentang Wednesday, March 3, 2010 5:54 AM
    Wednesday, March 3, 2010 5:54 AM
  • Is there a corresponding "SDKCerts.cab" or "VSDCerts.cab" file that we can use (the way we did with the old ones?).  I've tried loading the certificates on the device manually and still get the "Unknown publisher" warning when I run my actual CAB file (and the app is treated as an untrusted app when it gets loaded).  Thanks!


    Tuesday, April 20, 2010 4:50 PM
  • What do you mean by "manually load the certificates"? In order to have them in the Privileged\Unprivileged\SPC Store, you can use XML Provisioning. Anyway, I felt the lack of .cab (and related .xml) as you, and provided thru the following post http://blogs.msdn.com/raffael/archive/2010/01/15/windows-mobile-6-sdk-test-only-certificates-new-cab-and-xml-provisioning.aspx.



    • Marked as answer by warrentang Monday, April 26, 2010 3:36 AM
    Wednesday, April 21, 2010 8:36 AM
  • That did the trick, thanks!!!!!
    Friday, April 23, 2010 5:42 PM