Microsoft KB Archive/322956

= Sample to Add Root Certificates to Pocket PC 2002 =

Article ID: 322956

Article Last Modified on 8/9/2004

-

APPLIES TO


 * Microsoft Pocket PC 2002 Software Standard Edition
 * Microsoft Windows CE Platform Software Development Kit for Handheld PC 2000

-



This article was previously published under Q322956



SUMMARY
Pocket PC 2002 uses the Microsoft Crypto API (CAPI) certificate store to store root certificates securely. The following applications use root certificates:
 * Pocket Internet Explorer for Secure Sockets Layer (SSL) connections.
 * Mobile Information Server (MIS) for server-based synchronization.
 * Third party applications as necessary.

The Pocket PC 2002 device includes a limited number of root certificates. You can use the AddRootCert.exe sample application that is available in this article to add root certificates to the Pocket PC 2002 device.



MORE INFORMATION
There are two ways to use internal, SSL Web sites without warnings about untrusted certificates:
 * Obtain a certificate from one of the four certificate authorities that are represented by the root certificates that are included on the device.
 * Add your own root certificate onto the device.

Because MIS server synchronization requires that the root certificate of the MIS server be on the device or that you add your own root certificate onto the device, you have two implementation options for an MIS server:
 * Obtain a Web server certificate from one of the four certificate authorities that exist in the Pocket PC read-only memory (ROM) for your MIS server.
 * Use an application such as AddRootCert.exe to add the root certificate of your MIS server. You can add your own root certificate, or you can add the root certificate of a commercial certificate authority (CA) onto to all of the fielded devices.

Synchronization does not proceed unless the root certificate of the MIS server certificate exists on the device. (Note that the server certificate does not have to exist on the device if the server certificate's root is on the device.)

The root certificates that are included with the Pocket PC 2002 device represent the following certificate authorities:
 * Verisign
 * Cybertrust
 * Thawte
 * Entrust

The following table lists the certificate names.

Note The symbol names in the first column of this table are in the Resource.h file of the AddRootCert.exe sample source code.

The following file is available for download from the Microsoft Download Center:

Download AddRootCert.exe now

Release Date: July 8, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. The AddRootCert.exe sample application contains the following files:

Additional query words: Addrootcert

Keywords: kbinfo kbfile KB322956

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.