Pocket PC 2002 uses the Microsoft Crypto API (CAPI) certificate store to store root certificates securely. The following applications use root certificates:
- Pocket Internet Explorer for Secure Sockets Layer (SSL) connections.
- Mobile Information Server (MIS) for server-based synchronization.
- Third party applications as necessary.
The Pocket PC 2002 device includes a limited number of root certificates. You can use the AddRootCert.exe sample application that is available in this article to add root certificates to the Pocket PC 2002 device.
There are two ways to use internal, SSL Web sites without warnings about untrusted certificates:
- Obtain a certificate from one of the four certificate authorities that are represented by the root certificates that are included on the device.
- Add your own root certificate onto the device.
Because MIS server synchronization requires that the root certificate of the MIS server be on the device or that you add your own root certificate onto the device, you have two implementation options for an MIS server:
- Obtain a Web server certificate from one of the four certificate authorities that exist in the Pocket PC read-only memory (ROM) for your MIS server.
- Use an application such as AddRootCert.exe to add the root certificate of your MIS server. You can add your own root certificate, or you can add the root certificate of a commercial certificate authority (CA) onto to all of the fielded devices.
Synchronization does not proceed unless the root certificate of the MIS server certificate exists on the device. (Note that the server certificate does not have to exist on the device if the server certificate's root is on the device.)
The root certificates that are included with the Pocket PC 2002 device represent the following certificate authorities:
- Verisign
- Cybertrust
- Thawte
- Entrust
The following table lists the certificate names.
Note The symbol names in the first column of this table are in the Resource.h file of the AddRootCert.exe sample source code.
Collapse this tableExpand this table
| Symbol Name | Certificate Authority |
|---|
| IDS_RSASSCA | Verisign/RSA Secure Server |
| IDS_VSCLASS1 | Verisign Class 1 Public Primary CA |
| IDS_VSCLASS2 | Verisign Class 2 Public Primary CA |
| IDS_VSCLASS3 | Verisign Class 3 Public Primary CA |
| IDS_VSCLASS3v2 | Verisign Class 3 Public Primary CA (2028) |
| IDS_CYBERTRUST | GTE Cybertrust ROOT |
| IDS_CYBERTRUSTv2 | GTE Cybertrust Solutions ROOT |
| IDS_THAWTE_SERVER_BASIC | Thawte Server CA |
| IDS_THAWTE_SERVER_PREMIUM | Thawte Premium Server CA |
| IDS_ENTRUST_SECURE_SERVER | Entrust.net Secure Server |
| IDS_ENTRUST_2K_SECURE_SERVER | Entrust.net CA (2048 bit) |
The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Release Date: July 8, 2002
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591
(http://support.microsoft.com/kb/119591/EN-US/
)
How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
The AddRootCert.exe sample application contains the following files:
Collapse this tableExpand this table
| File Name | Size |
|---|
| AddRootCert.cpp | 7 KB |
| AddRootCert.exe | 12 KB |
| AddRootCert.h | 3 KB |
| AddRootCert.ico | 2 KB |
| AddRootCert.rc | 5 KB |
| AddRootCert.vcp | 43 KB |
| AddRootCert.vcw | 1 KB |
| Cert.cpp | 1 KB |
| File.cpp | 8 KB |
| Init.cpp | 5 KB |
| Newres.h | 1 KB |
| ReadMe.txt | 2 KB |
| Resource.h | 2 KB |
| Stdafx.cpp | 1 KB |
| Stdafx.h | 3 KB |
| Toolbar.bmp | 1 KB |
| UserCerts.msc | 28 KB |
Back to the top
