Certificate Management and Application Signing for Application Developers

Article
11/18/2015

4/8/2010

Windows Mobile devices are available in several security configurations. The typical configurations are locked, third-party signed, prompt, and security-off. For more information, see Selecting Security Configuration.

Depending on the device security configuration, independent software vendors (ISVs) and independent hardware vendors (IHVs) may need to have applications and cabinet files signed with a certificate that is installed on the device.

Starting in Windows Mobile 6.5, ISVs no longer need to sign drivers or service applications with a privileged certificate when the drivers or service applications are loaded at boot time in Windows Mobile Professional.

ISVs and IHVs can work with Mobile2Market partners that provide certificate authority and digital signature services for signing applications for Windows Mobile. For more information about the Mobile2Market Program see this Microsoft Web site.

Alternatively, ISVs and IHVs working with mobile operators during device development can have the operator sign the applications deployed with the device.

While developing and testing applications, you can create and use a test certificate. Or you can use test certificates available in Windows Mobile SDK. By default, the Windows Mobile SDK certificates are installed in the following folder:

C:\Program Files\Windows Mobile 6.5.3 DTK\Tools\Security\SDK Development Certificates

The following SDK test certificates are available:

FailsafeEmulator.cer

FailsafeEmulator.pfx

FailsafeEmulator.pvk

FailsafeEmulator.spc

SamplePrivDeveloper.cer

SamplePrivDeveloper.pfx

SamplePrivDeveloper.pvk

SamplePrivDeveloper.spc

SampleUnprivDeveloper.cer

SampleUnprivDeveloper.pvk