Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles
(untagged)

Deploy Own Certificate Built in Our Application's Cab

0.00/5 (No votes)
20 Dec 2005 1  
Deploy own certificate built in our application's cab

Introduction

In my first article (Sign code), we've created our certificate to install on device and to sign our applications to run them as trusted.
In this article, we'll see how we can deploy our certificate inside our application's cab, so users don't have to install the certificate manually.

Step 1 - Sign the Files

The first step is to sign our .exes, .dlls and the other files of our application. To do this, we can use our RDAs or use the utility signtool.exe:

signtool.exe sign /f MyCert.pfx *.exe *.dll *.cpl  [....and so on] 

Step 2 - Include our Certificate in cab

In the first article, we've created _setup.xml which contains our certificate in wap-provisioningdoc format.
So now, we'll create a copy of _setup.xml and we'll rename it to Pre_MyCert.xml.
We'll remove the <?xml version="1.0" encoding="utf-8" ?> and <wap-provisioningdoc> tags.

The result will be:

<characteristic type="CertificateStore">
    <characteristic type="Privileged Execution Trust Authorities">
        <characteristic type="2bd9dd0aadf266f9810a1210a2052144bf2e3f22">
            <parm name="EncodedCertificate" 
	   value="MIIB8jCCAVugAwIBAgIQztL5fI8kyrFE9be6IfYcXTANBgkqhkiG9w0BAQQFADAS
MRAwDgYDVQQDEwdDcmlTb2Z0MCAXDTk5MTIzMTIzMDAwMFoYDzIwOTgxMjMxMjMw
MDAwWjASMRAwDgYDVQQDEwdDcmlTb2Z0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDSNfTSjNJy4zZKi9wen/9CLt1cwWcYIaIp4xIuDd9VIXy3hBj+FpL11E9d
O7Sa5FXcIo8P9WttLHkd9TS8GXUEJShU+b/JtPDQ3EvpuJcSpo0CEuAI3fr7+LpI
VtfZto+lA8/8Ch7cssZQqPaNClIP2+9DrR5l7t5XvCGLltfrcQIDAQABo0cwRTBD
BgNVHQEEPDA6gBDsxeAuaLF3Ax+fxz0bWdqvoRQwEjEQMA4GA1UEAxMHQ3JpU29m
dIIQztL5fI8kyrFE9be6IfYcXTANBgkqhkiG9w0BAQQFAAOBgQC2Tsg8FhGLhCgT
IxKEErFzZw1bNxrnxAjao3hkA2jtv3jGkejWMnnBODogUPbwnkxRTlmKEjBhFilt
P4c4djE4cDApXpnj26R7eX6PmhPmvJHRJP4JM8WEzq/saWyCBEyfhslSSKCVQeNS
SJZ6//5FFqAJIQZ8DklQpSP6mIG3mw==" />
        </characteristic>
    </characteristic>
</characteristic>
<characteristic type="CertificateStore">
    <characteristic type="SPC">
        <characteristic type="2bd9dd0aadf266f9810a1210a2052144bf2e3f22">
            <parm name="EncodedCertificate" 
	   value="MIIB8jCCAVugAwIBAgIQztL5fI8kyrFE9be6IfYcXTANBgkqhkiG9w0BAQQFADAS
MRAwDgYDVQQDEwdDcmlTb2Z0MCAXDTk5MTIzMTIzMDAwMFoYDzIwOTgxMjMxMjMw
MDAwWjASMRAwDgYDVQQDEwdDcmlTb2Z0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDSNfTSjNJy4zZKi9wen/9CLt1cwWcYIaIp4xIuDd9VIXy3hBj+FpL11E9d
O7Sa5FXcIo8P9WttLHkd9TS8GXUEJShU+b/JtPDQ3EvpuJcSpo0CEuAI3fr7+LpI
VtfZto+lA8/8Ch7cssZQqPaNClIP2+9DrR5l7t5XvCGLltfrcQIDAQABo0cwRTBD
BgNVHQEEPDA6gBDsxeAuaLF3Ax+fxz0bWdqvoRQwEjEQMA4GA1UEAxMHQ3JpU29m
dIIQztL5fI8kyrFE9be6IfYcXTANBgkqhkiG9w0BAQQFAAOBgQC2Tsg8FhGLhCgT
IxKEErFzZw1bNxrnxAjao3hkA2jtv3jGkejWMnnBODogUPbwnkxRTlmKEjBhFilt
P4c4djE4cDApXpnj26R7eX6PmhPmvJHRJP4JM8WEzq/saWyCBEyfhslSSKCVQeNS
SJZ6//5FFqAJIQZ8DklQpSP6mIG3mw==" />
            <parm name="Role" value="222" />
        </characteristic>
    </characteristic>
</characteristic>

Step 3 - Create the Cab

Ok, now we have the XML file and our signed application's files, so we can build our cab with this simple command line:

CabWiz.exe MyApp.inf /prexml PreXML_MyCert.xml" /err Error_MyApp.log /cpu ARM 

This is it! The output will be our cab with our application and our certificate is ready to install on the device.
For more information about .inf file to create cab, check out the MSDN library.

Related Links

History

  • 20/12/2005 - Initial article

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here