This article was previously published under Q322956
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Pocket PC 2002 uses the Microsoft Crypto API (CAPI) certificate store to store root certificates securely. The following applications use root certificates:
Pocket Internet Explorer for Secure Sockets Layer (SSL) connections.
Mobile Information Server (MIS) for server-based synchronization.
Third party applications as necessary.
The Pocket PC 2002 device includes a limited number of root certificates. You can use the AddRootCert.exe sample application that is available in this article to add root certificates to the Pocket PC 2002 device.
There are two ways to use internal, SSL Web sites without warnings about untrusted certificates:
Obtain a certificate from one of the four certificate authorities that are represented by the root certificates that are included on the device.
Add your own root certificate onto the device.
Because MIS server synchronization requires that the root certificate of the MIS server be on the device or that you add your own root certificate onto the device, you have two implementation options for an MIS server:
Obtain a Web server certificate from one of the four certificate authorities that exist in the Pocket PC read-only memory (ROM) for your MIS server.
Use an application such as AddRootCert.exe to add the root certificate of your MIS server. You can add your own root certificate, or you can add the root certificate of a commercial certificate authority (CA) onto to all of the fielded devices.
Synchronization does not proceed unless the root certificate of the MIS server certificate exists on the device. (Note that the server certificate does not have to exist on the device if the server certificate's root is on the device.)
The root certificates that are included with the Pocket PC 2002 device represent the following certificate authorities:
The following table lists the certificate names.
Note The symbol names in the first column of this table are in the Resource.h file of the AddRootCert.exe sample source code.
Verisign/RSA Secure Server
Verisign Class 1 Public Primary CA
Verisign Class 2 Public Primary CA
Verisign Class 3 Public Primary CA
Verisign Class 3 Public Primary CA (2028)
GTE Cybertrust ROOT
GTE Cybertrust Solutions ROOT
Thawte Server CA
Thawte Premium Server CA
Entrust.net Secure Server
Entrust.net CA (2048 bit)
The following file is available for download from the Microsoft Download Center:
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.The AddRootCert.exe sample application contains the following files: