Methods for Adding Root Certificates
4/8/2010
Most devices allow you to view the certificates in the ROOT and MY stores. You can also use the control panel to delete certificates, in some cases.
The following table summarizes the methods for adding certificates to the ROOT store.
| Method | Comments |
|---|---|
CryptoAPI |
This is the most flexible, but complex method to manage certificates and certificate stores. For more information, see Certificates Functions. |
CertificateStore Configuration Service Provider |
This method allows management of any of the built-in certificate stores on the device using provisioning XML files. |
CertInst.exe For Pocket PC for Windows Mobile 2003, Pocket PC for Windows Mobile Version 5.0. |
This application installs .cer files to the device. For Windows Mobile 6.5, use Certinstaller.exe. |
SPAddCert.exe For Smartphone for Windows Mobile 2003, Smartphone for Windows Mobile Version 5.0. |
This application is specific to Windows Mobile Standard. It finds all the .cer files on the device and allows the user to install files to the ROOT store. For Windows Mobile 6.5, you should use Certinstaller.exe instead. SPAddCert.exe is no longer supported in Windows Mobile 6.5. |
CertificateEnroller Configuration Service Provider |
This method allows creation of multiple Certificate Types and manages their enrollment and renewal. |
Desktop Certificate Enrollment |
Provides a user-friendly, secure method for enrollment of a certificate to a device and provides a means of renewing certificates on the device. Integrates with ActiveSync and utilizes Active Directory For more information, see Desktop Certificate Enrollment. |
CertInstaller.exe |
Installs certificates into the HKCU CA and ROOT certificate stores while still running under SECROLE_USER_AUTH. For more information, see CertInstaller Tool. |
The following table summarizes how each method works with different versions of Windows Mobile software.
| Version | CryptoAPI | CertificateStore Configuration Service Provider | CertInst.exe | SPAddCert.ext |
|---|---|---|---|---|
Windows Mobile 2003 |
Supported. |
Supported. |
Installs to the ROOT store only on Windows Mobile Classic because the user is granted the manager role by default. |
See KB 841060. |
Windows Mobile Version 5.0 |
Supported. |
Supported. |
Fails to install unless the user is granted the manager role. This application installs only to the ROOT store. |
See KB 915840. The signed versions of the application works. |
Windows Mobile Version 5.0 with Messaging and Security Feature Pack |
Supported. |
Supported. |
Fails to install unless the user is granted the manager role. This application installs only to the ROOT store. |
See KB 915840. The signed versions of the application works. |
Windows Mobile 6.5 |
Supported. |
Supported. |
Installs successfully to the CA or ROOT stores. Note that this functionality is included in CertInstaller.exe. |
Not supported. You should use CertInstaller.exe. |