Problems Getting Authenticode to Work

Hi all,

I'm having problems getting my mobile device (Windows Mobile 6.1) to see my VB.NET application as genuine.

Here are the steps I am taking - can anybody see why there is a problem?

I use makecert.exe to create a new root certificate....
makecert -n "CN=McLernonsMARS" -r -sv McLernonsMARS.pvk McLernonsMARS.cer

Next I use cert2spc.exe to create the spc file....
cert2spc.exe McLernonsMARS.cer McLernonsMARS.spc

Now I use pvk2pfx.exe to create my pfx file....
pvk2pfx.exe -pvk McLernonsMARS.pvk -pi mypassword -spc \McLernonsMARS.spc -pfx McLernonsMARS.pfx -po mypassword

I import the pfx onto my development machine (automatically determine the certificate store)

I use this pfx file to sign all the dll's and the exe which forms the output of my VB.NET project (VS2008 - My Project - Devices - Authenticode signing - select the imported pfx) and I recompile the project.

On the mobile device I import the .cer file created above into the root certificate store.

I then copy all the dll's and the .exe to the mobile device and attempt to run it. (Note that I dont use a CAB file to deploy the application).

I still keep getting the annoying messages about attempting to run an application from an untrusted publisher. Any ideas why this might be the case?

Cheers

Mike

2

Contributors

4

Replies

2 Days

Discussion Span

1 Year Ago

Last Updated

5

Views

Question
Answered

railrover

Newbie Poster

4 posts since Apr 2008

Reputation Points: 26

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

Further to this, I think I've sorted it.....

Besides creating the Root Certificate, it looks like you also need to create an intermediate certificate from the root. If you use the intermediate certificate to create the pfx file for signing the code, and then import BOTH the root certificate AND the intermediate certificate to the mobile device, it all works perfectly.

Hope this helps somebody!

Cheers

Mike

railrover

Newbie Poster

4 posts since Apr 2008

Reputation Points: 26

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

Spoke too soon.....
tried a second device and I simply cant get the untrusted published messages to go away..... so its back to you guys.

Thanks in advance,

Mike

railrover

Newbie Poster

4 posts since Apr 2008

Reputation Points: 26

Solved Threads: 0

Skill Endorsements: 0

1 Year Ago

0

That can be an issue, I'm not aware of any Windows mobile developer on the forum :(

peter_budo

Code tags enforcer

Moderator

15,791 posts since Dec 2004

Reputation Points: 2,867

Solved Threads: 944

Skill Endorsements: 50

1 Year Ago

Show Comments

1

I've finally cracked it!

http://blogs.msdn.com/b/windowsmobile/archive/2006/05/02/certificate-stores.aspx contains the clue.

In short, the locations to where you can deploy a certificate to on a mobile device, by simply clicking on the .CER or .PFX file, have NOTHING to do with code signing! My solution was to create a CAB file containing a _setup.xml file that does nothing else except deploy the certificate.

http://technet.microsoft.com/en-us/library/cc182241.aspx
has the instructions on how to do this. Make sure you deploy to a store like "Unprivileged Execution Trust Authorities" rather than "ROOT".

Of course, if you use a VS2008 setup project to deploy your app, you can simply select the option to provision the device and install your certificate to the unpriviliged store, but I don't deploy my app using a CAB file.

Took me 4 days to get there, but its all working now!

Cheers

Mike

railrover

Newbie Poster

4 posts since Apr 2008

Reputation Points: 26

Solved Threads: 0

Skill Endorsements: 0

Question Answered as of 1 Year Ago by peter_budo

Problems Getting Authenticode to Work

This question has already been solved: Start a new discussion instead