Friday, October 29, 2010

Create and use test certificate

When you develop a service on Windows Mobile, the service DLL file needs to be signed for services.exe to run it normally. Otherwise, your service cannot be run by services.exe when the system starts up. So, that is the topic of this post.

How to create a certificate for testing and development use?

Before I list the procedure, I need to declare first: there are still a lot of things I don't know about Windows certificates; this procedure is just a way I found to reach my goal.

Ok, here we go…

First, create and install a test certificate on the development machine. Visual Studio provides a tool called makecert.exe that can do this for you. Here is the command I used.

makecert -pe -n "CN=Tim's Dev Authority" -ss my -sky signature -r TimTestCA.cer

For the detailed parameter definitions, refer to the makecert.exe help page; I will just give a brief summary here. The command creates a self-signed (-r) certificate file whose private key is marked as exportable (-pe), with a key type of signature (-sky signature), and installs the certificate in the current user's "my" store (-ss my).

Because we will use this certificate to sign our service application, it needs to be installed on the development machine (the "-ss my" parameter does this for us; if you omit this parameter, you need to install the certificate yourself before you use it to sign the application).

Second, let's install the CA on the mobile device. Actually, you can develop an application to install your CA on the device; I found some sample code on Google. But that is too complex for my case.

VS2008 provides a UI to install a certificate on your mobile device.

  1. Of course, connect your device
  2. In VS2008, go to [Tools] -> [Device Security Manager] and connect to your device
  3. Choose [Certificate Management]
  4. Click [Add Certificate]; you should see the CA "Tim's Dev Authority" in the pop-up window. Select it and click the OK button to install it

Finally, the CA is ready on the device and in your development environment. It's time to develop your service application and sign it with the CA.

VS2008 also provides signtool.exe for signing. Here is the sample command:

signtool.exe sign /f TimTestCA.cer my_service.dll

You can use the generated "cer" file with the "/f" option to sign your application (the "cer" must be installed in your certificate store).

Or, you can delete TimTestCA.cer and sign your application using the authority's name:

signtool.exe sign /i "Tim's Dev Authority" /s my my_service.dll

The "/i" option takes the issuer name of the certificate; because the certificate is self-signed, this is the name given when creating the certificate with makecert.exe. In my sample, I installed the certificate in the personal user store (-ss my), so I tell signtool to look for the certificate in my user store (/s my).
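
To confirm the result of the signing step, the following PowerShell check (an added example, not part of the original post) looks up the test certificate in the current user's "my" store and compares it with the signer of my_service.dll. It assumes PowerShell is available on the development machine and that it is run from the folder containing the DLL; the subject and file names are the ones used above.

```powershell
# Added example: verify that my_service.dll was signed with the test certificate.
# Assumptions: run on the development machine, in the folder that holds the DLL.
$subject = "CN=Tim's Dev Authority"   # name passed to makecert -n
$dll     = "my_service.dll"           # file passed to signtool

# 1. The certificate must be in the current user's "my" store (makecert -ss my)
#    and must still have its private key, otherwise signing cannot work.
$certs = @(Get-ChildItem Cert:\CurrentUser\My |
           Where-Object { $_.Subject -eq $subject })
if ($certs.Count -eq 0) {
    throw "No certificate with subject '$subject' in CurrentUser\My"
}
$withKey = @($certs | Where-Object { $_.HasPrivateKey })
if ($withKey.Count -eq 0) {
    throw "Certificate found, but it has no private key on this machine"
}

# 2. Read the Authenticode signature embedded in the DLL.
$sig = Get-AuthenticodeSignature -FilePath $dll
if ($sig.Status -eq 'NotSigned' -or $null -eq $sig.SignerCertificate) {
    throw "$dll is not signed"
}
if ($sig.Status -eq 'HashMismatch') {
    throw "$dll was modified after it was signed; sign it again"
}

# 3. Compare thumbprints rather than names: running makecert twice leaves
#    several certificates with the same subject in the store.
$signer = $sig.SignerCertificate.Thumbprint
$match  = @($withKey | Where-Object { $_.Thumbprint -eq $signer })
if ($match.Count -eq 0) {
    throw "$dll is signed by '$($sig.SignerCertificate.Subject)' ($signer), not by a test certificate from the store"
}

# The status may be something other than Valid here when the self-signed
# certificate is not a trusted root on the desktop; the check above only
# establishes which certificate produced the signature.
"{0} is signed by {1} (thumbprint {2}, status {3})" -f `
    $dll, $sig.SignerCertificate.Subject, $signer, $sig.Status
```

The thumbprint printed at the end is the value to compare against the certificate shown for the device when a signed service still fails to start.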
