You are currently offline, waiting for your internet to reconnect

Sample to Add Root Certificates to Pocket PC 2002

This article was previously published under Q322956
This article has been archived. It is offered "as is" and will no longer be updated.
Pocket PC 2002 uses the Microsoft Crypto API (CAPI) certificate store to store root certificates securely. The following applications use root certificates:
  • Pocket Internet Explorer for Secure Sockets Layer (SSL) connections.
  • Mobile Information Server (MIS) for server-based synchronization.
  • Third party applications as necessary.
The Pocket PC 2002 device includes a limited number of root certificates. You can use the AddRootCert.exe sample application that is available in this article to add root certificates to the Pocket PC 2002 device.
There are two ways to use internal, SSL Web sites without warnings about untrusted certificates:
  • Obtain a certificate from one of the four certificate authorities that are represented by the root certificates that are included on the device.
  • Add your own root certificate onto the device.
Because MIS server synchronization requires that the root certificate of the MIS server be on the device or that you add your own root certificate onto the device, you have two implementation options for an MIS server:
  • Obtain a Web server certificate from one of the four certificate authorities that exist in the Pocket PC read-only memory (ROM) for your MIS server.
  • Use an application such as AddRootCert.exe to add the root certificate of your MIS server. You can add your own root certificate, or you can add the root certificate of a commercial certificate authority (CA) onto to all of the fielded devices.
Synchronization does not proceed unless the root certificate of the MIS server certificate exists on the device. (Note that the server certificate does not have to exist on the device if the server certificate's root is on the device.)

The root certificates that are included with the Pocket PC 2002 device represent the following certificate authorities:
  • Verisign
  • Cybertrust
  • Thawte
  • Entrust
The following table lists the certificate names.

Note The symbol names in the first column of this table are in the Resource.h file of the AddRootCert.exe sample source code.

Symbol NameCertificate Authority
IDS_RSASSCAVerisign/RSA Secure Server
IDS_VSCLASS1Verisign Class 1 Public Primary CA
IDS_VSCLASS2Verisign Class 2 Public Primary CA
IDS_VSCLASS3Verisign Class 3 Public Primary CA
IDS_VSCLASS3v2Verisign Class 3 Public Primary CA (2028)
IDS_CYBERTRUSTv2GTE Cybertrust Solutions ROOT
IDS_THAWTE_SERVER_PREMIUMThawte Premium Server CA Secure Server CA (2048 bit)

The following file is available for download from the Microsoft Download Center:
Release Date: July 8, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.The AddRootCert.exe sample application contains the following files:

File NameSize
AddRootCert.cpp7 KB
AddRootCert.exe12 KB
AddRootCert.h3 KB
AddRootCert.ico2 KB
AddRootCert.rc5 KB
AddRootCert.vcp43 KB
AddRootCert.vcw1 KB
Cert.cpp1 KB
File.cpp8 KB
Init.cpp5 KB
Newres.h1 KB
ReadMe.txt2 KB
Resource.h2 KB
Stdafx.cpp1 KB
Stdafx.h3 KB
Toolbar.bmp1 KB
UserCerts.msc28 KB

Article ID: 322956 - Last Review: 12/07/2015 11:05:26 - Revision: 3.2

Microsoft Pocket PC 2002 Software Standard Edition, Microsoft Windows CE Platform Software Development Kit for Handheld PC 2000

  • kbnosurvey kbarchive kbfile kbinfo KB322956