Share via


Certificate Management and Application Signing for Application Developers

4/8/2010

Windows Mobile devices are available in several security configurations. The typical configurations are locked, third-party signed, prompt, and security-off. For more information, see Selecting Security Configuration.

Depending on the device security configuration, independent software vendors (ISVs) and independent hardware vendors (IHVs) may need to have applications and cabinet files signed with a certificate that is installed on the device.

Starting in Windows Mobile 6.5, ISVs no longer need to sign drivers or service applications with a privileged certificate when the drivers or service applications are loaded at boot time in Windows Mobile Professional.

ISVs and IHVs can work with Mobile2Market partners that provide certificate authority and digital signature services for signing applications for Windows Mobile. For more information about the Mobile2Market Program see this Microsoft Web site.

Alternatively, ISVs and IHVs working with mobile operators during device development can have the operator sign the applications deployed with the device.

While developing and testing applications, you can create and use a test certificate. Or you can use test certificates available in Windows Mobile SDK. By default, the Windows Mobile SDK certificates are installed in the following folder:

C:\Program Files\Windows Mobile 6.5.3 DTK\Tools\Security\SDK Development Certificates

The following SDK test certificates are available:

FailsafeEmulator.cer

FailsafeEmulator.pfx

FailsafeEmulator.pvk

FailsafeEmulator.spc

SamplePrivDeveloper.cer

SamplePrivDeveloper.pfx

SamplePrivDeveloper.pvk

SamplePrivDeveloper.spc

SampleUnprivDeveloper.cer

SampleUnprivDeveloper.pvk

SampleUnprivDeveloper.pfx

SampleUnprivDeveloper.spc

The following topics provide additional information for developers using Microsoft Visual Studio 2008 and Windows Mobile 6.5.3 DTK:

Preparing a Device for Development

Deciding on the Type of Certificate to Sign an Application

Signing an Application During Day-to-Day Development

Signing a Cabinet File During Day-to-Day Development

Signing an Application or Cabinet File for Release to the Public

Testing How an Application Will Behave Under Different Security Configurations

See Also

Concepts

Certificate Management in Windows Mobile Devices
Methods for Adding Root Certificates