Device Certificate Management Overview
The Certificate Management pane is the part of the Device Security Manager that is used to view, add, and remove certificates for Windows Mobile devices and emulators. To see the Certificate Management pane, click Device Security Manager on the Tools menu and then click Certificate Management.
Certificate Stores on Windows Mobile Devices
There are six certificate stores for Windows Mobile-based devices, and the Certificate Management pane provides access to three of them: PrivilegedStore, StandardStore, and SPC Store. For information about how to manage certificates, see How to: View/Add/Remove Certificates (Devices). The following table provides details about the certificate stores.
Certificate Store | Description |
---|---|
Privileged Store | Formally known as the Privileged Execution Trust Authorities Store, this certificate store contains the Privileged Trust Certificates. Applications signed with these certificates run with the Privileged trust level. For more information about trust levels, see Application Trust Levels. |
Standard Store | Formally known as the Unprivileged Execution Trust Authorities Store, this certificate store contains the Unprivileged Trust Certificates. Applications signed with these certificates run with the Normal trust level. |
SPC Store | Formally known as the Software Publishing Certificates Store, this certificate store contains certificates for signing cabinet (CAB) files, and for assigning the correct security role to the application installation. |
How Certificates Affect Application Execution
When you execute a signed application or CAB, the application loader determines whether the application or CAB is signed with a certificate in your store. There are three possible scenarios:
The application or CAB is signed with a certificate that is in the Privileged Store and will execute with privileged trust level.
The application or CAB is signed with a certificate that is in the Standard Store. If the device has a two-tier security model, the application executes in Normal trust level with limited access to certain APIs and registry keys. Otherwise, the device has a one-tier security model and the application executes in Privileged trust level with full rights. For a list of restricted system APIs and registry keys, see Trusted APIs.
The application or CAB is signed with a certificate that is not in any certificate store. The application will execute only if your device’s security policy permits the execution of unsigned applications.
Note
Privileged trust level is also known as trusted execution. Normal trust level is also known as untrusted execution.
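The three scenarios above can be modeled as a small decision function, which makes it easy to see which applications gain Privileged trust only because a device uses the one-tier model. This is an added example, not code from the product documentation; the `Device` and `Decision` types, the function names, the hashes and the application names are hypothetical, matching is simplified to a direct hash lookup, and checking the Privileged Store first is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

PRIVILEGED, NORMAL = "Privileged", "Normal"

@dataclass(frozen=True)
class Device:
    privileged_store: frozenset   # certificate hashes in the Privileged Store
    standard_store: frozenset     # certificate hashes in the Standard Store
    two_tier: bool                # True: two-tier model, False: one-tier model
    allow_unsigned: bool          # security policy permits unsigned applications

@dataclass(frozen=True)
class Decision:
    executes: bool
    trust: Optional[str]          # None where the page does not state a trust level
    reason: str

def evaluate(device: Device, signer_hash: Optional[str]) -> Decision:
    """Apply the three scenarios to one application or CAB (None = unsigned)."""
    # Assumption: the Privileged Store wins if a certificate is in both stores.
    if signer_hash in device.privileged_store:
        return Decision(True, PRIVILEGED, "certificate in Privileged Store")
    if signer_hash in device.standard_store:
        if device.two_tier:
            return Decision(True, NORMAL, "Standard Store, two-tier model")
        return Decision(True, PRIVILEGED, "Standard Store, one-tier model")
    # Certificate not in any store: the unsigned-application policy decides.
    if device.allow_unsigned:
        return Decision(True, None, "no matching certificate, policy permits")
    return Decision(False, None, "no matching certificate, policy blocks")

def elevated_by_one_tier(device: Device, apps: dict) -> list:
    """Apps that receive Privileged trust only because the device is one-tier."""
    return sorted(name for name, h in apps.items()
                  if not device.two_tier and h in device.standard_store
                  and h not in device.privileged_store)

# Constructed sample data: hashes and application names are placeholders.
APPS = {"oem_tool.cab": "AA11", "vendor_app.exe": "BB22",
        "homebrew.exe": "CC33", "raw.exe": None}
ONE_TIER = Device(frozenset({"AA11"}), frozenset({"BB22"}), False, False)
TWO_TIER = Device(frozenset({"AA11"}), frozenset({"BB22"}), True, True)

if __name__ == "__main__":
    for label, dev in (("one-tier", ONE_TIER), ("two-tier", TWO_TIER)):
        for name, h in APPS.items():
            print(label, name, evaluate(dev, h))
        print(label, "elevated:", elevated_by_one_tier(dev, APPS))
```

On a one-tier device every certificate in the Standard Store is effectively a Privileged trust anchor, so the output of `elevated_by_one_tier` is the list to review before adding a certificate to that store.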
Certificate Properties and Fields
Property | Description |
---|---|
Issuer | Name of the certification authority which issued the certificate. |
Serial Number | Serial number of the certificate. This number is assigned by the issuer and is unique in the issuer's list of issued certificates. |
SHA-1 Hash | The digital signature of the certificate produced by the certificate authority's private key. |
Issued By | The source that provided the certificate. |
Issued To | The owner of the certificate. |
Valid To | End date of the certificate's validity. |
Valid From | Start date of the certificate's validity. |
Hash | The digital signature of the certificate, produced by the certificate authority's private key. |
Role | An identifier that enforces security settings and determines the access level for a certificate. For more information, see Security Roles. |
EncodedCertificateValue | An identifier that tracks the validity of the certificate against the certificate revocation lists (CRLs). |
See Also
Tasks
How to: Install SQL Server Compact 3.5 on a Device