Preparing a Device for Development

Send Feedback

If your device is configured with security turned off, you do not need to install any certificate for signing your applications during development. If you have locked or third-party-signed, two-tier-prompt, or one-tier-prompt devices, you need to install the SDK certificates that you can use during development.

Locked or Third-Party-Signed Device

If you are using a physical device that has the Locked or Third-Party-Signed configuration, the only applications that will run are those applications that have been signed with a certificate in one of the device's certificate stores. The use of the certificates that are in the certificate stores is controlled completely by the OEM, the mobile operator, or Mobile2Market. Because these certificates are private (that is, their private keys are secret), you cannot use them to sign your application during day-to-day development. Instead, you need to install other certificates in the certificate store, and then sign your application with one of them. Microsoft ships a set of certificates (and private keys) in the Windows Mobile SDK for this purpose. You can find these certificates in the Tools directory and packaged in

The catch is that only trusted processes can install certificates. Therefore, the device manager (the OEM or mobile operator) must set up a developer program that you can use to install these certificates.

Two-Tier-Prompt Device

If your application needs to run trusted, you need to install the SDK certificates exactly as you would on a Locked or Third-Party-Signed device.

If your application does not need to run trusted, you do not need to install the SDK certificates because you can always respond affirmatively to the security prompts. However, to avoid the inconvenience of being prompted, you can install the SDK certificates exactly as you would on a Locked or Third-Party-Signed device.

Note that if you respond affirmatively to a prompt, you will not be prompted again for that module. But if you recompile, that recompiled module is considered a new module, and you will be prompted again.

One-Tier-Prompt Device

On a One-Tier-Prompt device, install the SDK certificates by running on the device. You can find this file in the Tools directory of the SDK.

On Pocket PC, use ActiveSync to copy to the device, and then open it in File Explorer. On Smartphone, use ActiveSync to copy it to \Windows\Start Menu\Accessories, navigate to Start\More\Accessories on the device, and then open the file.

Security-Off Device

On a Security-Off device, you do not need to install Note, however, that it is not recommended to use the Security-Off configuration, and it is unlikely there will be any retail devices that ship with this configuration.


The SDK certificates are prebuilt into the emulator, so you do not need to install them yourself.

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.