Preparing a Device for Development
4/8/2010
If your device is configured with security turned off, you do not need to install any certificate for signing your applications during development. If you have locked or third-party-signed, two-tier-prompt, or one-tier-prompt devices, you need to install the SDK certificates that you can use during development.
Locked or Third-Party-Signed Device
If you are using a physical device that has the Locked or Third-Party-Signed configuration, the only applications that will run are those applications that have been signed with a certificate in one of the device's certificate stores. The use of the certificates that are in the certificate stores is controlled completely by the OEM, the mobile operator, or Mobile2Market. Because these certificates are private (that is, their private keys are secret), you cannot use them to sign your application during day-to-day development. Instead, you need to install other certificates in the certificate store, and then sign your application with one of them. Microsoft ships a set of certificates (and private keys) in the Windows Mobile SDK for this purpose. You can find these certificates in the Tools directory and packaged in SdkCerts.cab.
The catch is that only privileged processes can install certificates. Therefore, the device manager (the OEM or mobile operator) must set up a developer program that you can use to install these certificates.
Two-Tier-Prompt Device
If your application needs to run privileged, you need to install the SDK certificates exactly as you would on a Locked or Third-Party-Signed device.
If your application does not need to run privileged, you do not need to install the SDK certificates because you can always respond affirmatively to the security prompts. However, to avoid the inconvenience of being prompted, you can install the SDK certificates exactly as you would on a Locked or Third-Party-Signed device.
Note that if you respond affirmatively to a prompt, you will not be prompted again for that module. But if you recompile, that recompiled module is considered a new module, and you will be prompted again.
One-Tier-Prompt Device
On a One-Tier-Prompt device, install the SDK certificates by running SdkCerts.cab on the device. You can find this file in the Tools directory of the SDK.
On Windows Mobile Professional and Windows Mobile Classic, use ActiveSync to copy SdkCerts.cab to the device, and then open it in File Explorer. On Windows Mobile Standard, use ActiveSync to copy it to \Windows\Start Menu\Accessories, navigate to Start\More\Accessories on the device, and then open the file.
Security-Off Device
On a Security-Off device, you do not need to install SdkCerts.cab. Note, however, that it is not recommended to use the Security-Off configuration, and it is unlikely there will be any retail devices that ship with this configuration.
Emulator
The SDK certificates are prebuilt into the emulator, so you do not need to install them yourself.