Share via

Adding certificates to the phone

  • Article

You can add certificates to the phone by using runtime configuration.

The following sample shows how to add root or self-signed certificates. You must set Certificate to an appropriate value.

<Settings Path="Certificates/System/$(CertificateHash)">
    <Setting Name="Certificate" Value="" />
</Settings>

The following sample shows how to add certificates from intermediary certification authorities. These certificates are used for building certificate chains. You must set Certificate to an appropriate value.

<Settings Path="Certificates/SystemAuthorities/$(CertificateHash)">
    <Setting Name="Certificate" Value="" />
</Settings>

Settings

The following settings are used to add certificates.

  • $(CertificateHash)
    Replace $(CertificateHash) with the SHA1 hash for the certificate. The 20-byte value of the SHA1 certificate hash is specified as a hexadecimal string value.

  • Certificate
    Specify the X.509 certificate as a Base64-encoded string. The Base-64 string value cannot include extra formatting characters such as embedded linefeeds, etc.

Converting certificates to a usable format

Certificates must be converted to a format that can be used on the phone. To convert a root certificate to a Base64-encoded X.509 certificate, you must complete the following steps.

  1. From your desktop computer, open Microsoft Management Console by clicking on Start, then Run, and typing mmc. Expand the Certificates - Current User node. If the node does not appear, you need to add the Certificates snap-in. For more information, see Microsoft Management Console Help.

  2. In the Certificates – Current User node, click Personal, and then click Certificates.

  3. On the Action menu, click All Tasks, and then click Import.

  4. Follow the onscreen instructions to import the root certificate, and then do the following:

    1. Import the root certificate file (.cer) as an X.509 Certificate (*.cer;*.crt) file.

    2. Add the imported root certificate to the Personal certificate store displayed in Microsoft Management Console.

  5. Choose the imported root certificate.

  6. On the Action menu, click All Tasks, and then click Export.

  7. Follow the onscreen instructions to export the root certificate, and then do the following:

    1. Export the root certificate as a Base-64 encoded X.509 (.CER) file.

    2. Save the exported certificate file in the same folder as the imported certificate file.

    When the certificates are ready to install, they can either be put on the phone with runtime configuration or provisioned over the air by using OMA Client Provisioning or OMA DM.

CertificateStore configuration service provider

 

 

Send comments about this topic to Microsoft