

Certificate Stores

The certificate stores hold the digital certificates on the mobile device. Smartphone and Pocket PC each have a set of default certificate stores to aid in the management of certificates. Pocket PC supports certificate management (adding, deleting, and querying certificates) but does not check certificates for application installation or execution. For more information about certificate stores and adding certificates, see Application Security.

The following table shows the certificate stores that are available by default on all Windows Mobile-based devices.

| Certificate store | Description |
| --- | --- |
| Root | Stores root certificates with secure Web sessions (HTTPS) privileges. Certificates in the ROOT Store are used for verification purposes for SSL and secure server connections. The Smartphone ROOT Store is initially populated with the set of default root certificates. |
| CA | Stores certificates for privileged, intermediate certification authorities. |
| My | Stores the user's personal client certificates for authenticating over a Secure Sockets Layer (SSL) channel, over an 802.1x or virtual private network (VPN), and for encrypting and signing e-mails. |

For Smartphone, the following certificate stores are also available by default.

| Certificate store | Description |
| --- | --- |
| SPC | Stores root certificates for trusted software publishers whose applications can be installed on the device. Certificates in the SPC Store are used to verify signed packages (.cab files) for installation. |
| Privileged Execution Trust Authorities and Unprivileged Execution Trust Authorities | Store root certificates for the Baltimore and Verisign certification authorities, which provide certification of network-ready wireless applications. These certificates are specifically for the Mobile2Market (M2M) code-signing program. For more information about Mobile2Market certificates, see https://www.microsoft.com/mobile/developer. Certificates in the Privileged Store are used to verify signed applications for execution in Privileged mode. Certificates in the Unprivileged Store are used to verify signed applications for execution in Unprivileged mode. These stores can also contain other certificates, such as those added by a mobile operator. |

Certificates for some certification authorities are included in the root store by default. It is recommended that you add root certificates for other trusted certification authorities to the stores. The following table shows the certificates that are included in the root store.

| Certification authority | Description |
| --- | --- |
| Microsoft Mobile Software Privileged Execution Publisher | The root certificate is used to sign the cryptographic service provider, rsaenh.dll, which is used by CryptoAPI. For information about CryptoAPI, see the Cryptography documentation under "Security" in the MSDN library. |
| Microsoft Mobile Software Unprivileged Execution Publisher | The root certificate is used to sign Microsoft files in ROM software that must run as unprivileged. |
| Microsoft Mobile Device Software Installation Publisher | The root certificate is used to sign applications that are installed and run with the SECROLE_USER_AUTH role. This root cannot be used for provisioning or managing the device. |

For more information about adding certificates, see CertificateStore Configuration Service Provider Examples.

See Also

Certificates | Troubleshooting SSL Connections | Application Trust Levels | CertificateStore Configuration Service Provider | CertificateStore Configuration Service Provider Examples


© 2005 Microsoft Corporation. All rights reserved.