Hi all,

I'm having problems getting my mobile device (Windows Mobile 6.1) to see my VB.NET application as genuine.

Here are the steps I am taking - can anybody see why there is a problem?

I use makecert.exe to create a new root certificate....
makecert -n "CN=McLernonsMARS" -r -sv McLernonsMARS.pvk McLernonsMARS.cer

Next I use cert2spc.exe to create the spc file....
cert2spc.exe McLernonsMARS.cer McLernonsMARS.spc

Now I use pvk2pfx.exe to create my pfx file....
pvk2pfx.exe -pvk McLernonsMARS.pvk -pi mypassword -spc \McLernonsMARS.spc -pfx McLernonsMARS.pfx -po mypassword

I import the pfx onto my development machine (automatically determine the certificate store)

I use this pfx file to sign all the dll's and the exe which forms the output of my VB.NET project (VS2008 - My Project - Devices - Authenticode signing - select the imported pfx) and I recompile the project.

On the mobile device I import the .cer file created above into the root certificate store.

I then copy all the dll's and the .exe to the mobile device and attempt to run it. (Note that I dont use a CAB file to deploy the application).

I still keep getting the annoying messages about attempting to run an application from an untrusted publisher. Any ideas why this might be the case?



Recommended Answers

All 4 Replies

Further to this, I think I've sorted it.....

Besides creating the Root Certificate, it looks like you also need to create an intermediate certificate from the root. If you use the intermediate certificate to create the pfx file for signing the code, and then import BOTH the root certificate AND the intermediate certificate to the mobile device, it all works perfectly.

Hope this helps somebody!



Spoke too soon.....
tried a second device and I simply cant get the untrusted published messages to go away..... so its back to you guys.

Thanks in advance,


That can be an issue, I'm not aware of any Windows mobile developer on the forum :(

I've finally cracked it!

http://blogs.msdn.com/b/windowsmobile/archive/2006/05/02/certificate-stores.aspx contains the clue.

In short, the locations to where you can deploy a certificate to on a mobile device, by simply clicking on the .CER or .PFX file, have NOTHING to do with code signing! My solution was to create a CAB file containing a _setup.xml file that does nothing else except deploy the certificate.

has the instructions on how to do this. Make sure you deploy to a store like "Unprivileged Execution Trust Authorities" rather than "ROOT".

Of course, if you use a VS2008 setup project to deploy your app, you can simply select the option to provision the device and install your certificate to the unpriviliged store, but I don't deploy my app using a CAB file.

Took me 4 days to get there, but its all working now!



commented: Well done and thank you for sharing +16
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.