GaryMetalle
Thu Mar 13 15:51:00 CDT 2008
I have tried provisioning the certs in a couple of ways but am currently
copying the *.cer files over as part of the install and then getting the user
to manually click on each of these certificates to install them. I could
install the sdkcerts.cab file but this involves installing two cabfiles and
is more work to do this in the short-term.
The tool.cab file btw comes with the Security Configuration Manager tool and
I guess is similar if not identical to the sdkcerts.cab that comes with the
WM5.0 and WM6 SDK.
Nothing still explains why on WM5.0 my services will auto-start but on WM6
they won't (even on a security disabled device); something has changed for
WM6 and I don't understand what or how to fix it (but do have a workaround).
I had a Treo 750 running WM5 that ran as expected (if certs installed then
services ran automatically). After I upgraded the Treo to WM6 and installed
the same software, the services stopped working.
I would look forward to any stuff that helps explain all this if you get
time :-) The MS documentation has some readable stuff such as"
http://msdn2.microsoft.com/en-us/library/bb158508.aspx
and
http://msdn2.microsoft.com/en-us/library/ms839681.aspx
but could do with an update for WM6 and some consistency regarding the names
of the certificate stores (SPC/intermediate, normal/untrusted etc).
"Simon Hart [MVP]" wrote:
> When you copy the cert how do you provision it? You shouldn't have to do
> anything with the pfx file. This file is used to sign your code, thats it.
> Not sure what the tool.cab file is that you refer to.
>
> The easiest way to provision your device in the field for LOB apps is to
> ship a CAB that has been built with a _setup.xml that contains the
> certificate store CSP (Configuration Service Provider) XML schema. Once the
> CAB file has been created using the CABWIZ.exe tool, all you have to do is
> run the CAB file on the device.
>
> Do a search for certificatestore CSP. I have been meaning to write a blog
> how to do this for some time...must do it ;)
> --
> Simon Hart
> Visual Developer - Device Application Development MVP
>
http://simonrhart.blogspot.com
>
>
> "Gary Metalle" wrote:
>
> > I have a couple of Windows services that need to be signed with the
> > priviliged certs in order to auto-start when the device boots up. I am
> > currently using the SDK certs for development but am having problems with WM6
> > in that the services won't auto-start.
> > All is fine for WM5 so I know the registry entries are ok. I have also
> > tested a plain service sample that doesn't do anything useful and that
> > doesn't load either on WM6.
> > If I use the MS Security Configuration manager to provision the certs to the
> > device then it all works but it doesn't if I just copy the two .cer files
> > over and manually install them. Also doesn't work if I do the same with the
> > .pfx files or copying the tool.cab file over and installing that.
> > I know I don't have this problem with WM5.0 because I tried it on a Treo 750
> > before I upgraded it to WM6 so something has changed with security in WM6.
> > As a workaround I have an app in the Startup folder that starts my services
> > but I shouldn't have to do this.
> > How can I find out exactly what the MS security configuration manager is
> > doing to provision the SDK certs on the device? It doesn't seem to be just
> > copying the tool.cab over to the device.