Exchange - Net Admin - Outlook
Windows Mobile - Windows

Contact - Director's Blog

Windows Mobile Home

Root SSL Certificate Deployment via Cabinet File

For this process, you will need to use a Windows XP workstation. You will need also need the root certificate for your SSL certificate provider. If the certificate you are using is a chained certificate, then make sure that you get the root, not the intermediate certificate.

Part One - Create the basic XML file.

Open a new notepad document and copy the contents of the box below in to that file.

<wap-provisioningdoc> <characteristic type="CertificateStore"> <characteristic type="ROOT"> <characteristic type="thumbprint of certificate"> <parm name="EncodedCertificate" value="certificate hash"/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc>

Part Two - Get the certificate information and create the cabinet file

1. Open up the root certificate that you downloaded from the certificate supplier.
2. Click on the tab "Details".
3. In the list, scroll down until you see "thumbprint". Copy the contents of the entry in the lower box to a fresh notepad document. It should look something like this:
   
   
    
4. Remove the spaces between the characters, so that you get something like this:
   
   5d989cdb159611365165641b560fdbea2ac23ef1
    
5. Copy that line of number and characters and replace the line in the text copied from above "thumbprint of certificate", so that the line reads something like this:
   
   <characteristic type="5d989cdb159611365165641b560fdbea2ac23ef1">
    
6. Open another fresh notepad document and drag and drop the certificate file in to the notepad document. This should give you some text similar to this:
   
   
    
7. Copy everything between the
   -----BEGIN CERTIFICATE-----
   and
   -----END CERTIFICATE-----
   and paste it in to the file created in part one, in to the line with Encoded Certificate, replacing the entry "certificate hash. This should leave you with a line that looks like this:
   
   <parm name="EncodedCertificate" value="MIIEZDCCA0ygAwIBAgIQRL4Mi1AAJLQR0zYwS8AzdzANBgkqhkiG9w0BAQUFADCB
   ozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
   Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYDVQQLExho
   dHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VSRmlyc3Qt
   TmV0d29yayBBcHBsaWNhdGlvbnMwHhcNOTkwNzA5MTg0ODM5WhcNMTkwNzA5MTg1
   NzQ5WjCBozELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0
   IExha2UgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMSEwHwYD
   VQQLExhodHRwOi8vd3d3LnVzZXJ0cnVzdC5jb20xKzApBgNVBAMTIlVUTi1VU0VS
   Rmlyc3QtTmV0d29yayBBcHBsaWNhdGlvbnMwggEiMA0GCSqGSIb3DQEBAQUAA4IB
   DwAwggEKAoIBAQCz+5Gh5DZVhawGNFugmliy+LUPBXeDrjKxdpJo7CNKyXY/45y2
   N3kDuatpjQclthln5LAbGHNhSuh+zdMvZOOmfAz6F4CjDUeJT1FxL+78P/m4FoCH
   iZMlIJpDgmkkdihZNaEdwH+DBmQWICzTSaSFtMBhf1EI+GgVkYDLpdXuOzr0hARe
   YFmnjDRy7rh4xdE7EkpvfmUnuaRVxblvQ6TFHSyZwFKkeEwVs0CYCGtDxgGwenv1
   axwiP8vv/6jQOkt2FZ7S0cYu49tXGzKiuG/ohqY/cKvlcJKrRB5AUPuco2LkbG6g
   yN7igEL66S/ozjIEj3yNtxyjNTwV3Z7DrpelAgMBAAGjgZEwgY4wCwYDVR0PBAQD
   AgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPqGydvguul49Uuo1hXf8NPh
   ahQ8ME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9V
   VE4tVVNFUkZpcnN0LU5ldHdvcmtBcHBsaWNhdGlvbnMuY3JsMA0GCSqGSIb3DQEB
   BQUAA4IBAQCk8yXM0dSRgyLQzDKrm5ZONJFUICU0YV8qAhXhi6r/fWRRzwr/vH3Y
   IWp4yy9Rb/hCHTO967V7lMPDqaAt39EpHx3+jz+7qEUqf9FuVSTiuwL7MT++6Lzs
   QCv4AdRWOOTKRIK1YSAhZ2X28AvnNPilwpyjXEAfhZOVBt5P1CeptqX8Fs1zMT+4
   ZSfP1FMa8Kxun08FDAOBp4QpxFq9ZFdyrTvPNximmMatBrTcCKME1SmklpoSZ0qM
   YEWd8SOasACcaLWYUNPvji6SZbFIPiG+FTAqDbUMo2s/rn9X9R+WfN9v3YIwLGUb
   QErNaLly7HF27FSOH4UMAWr6pjisH8SE"/>
   
   If you don't get a file with the two Certificate lines, then the certificate is in the wrong format.
   Instead - open the certificate again, choose Details and then "Copy to File". Choose "Base-64 encoded X.509 (.cer)" as the format and save the file to your machine. Then open it in to notepad.
    
8. Save the file as "_setup.xml" - don't use any other name, as the import process will not work correctly on the Windows Mobile device. Make sure that you save the file in to a location that is easy to get to with a command line, as you will be running a process in the next step.
9. Drop in to a command prompt, change to the directory where you saved the _setup.xml file and then enter the following command:
   
   makecab _setup.xml file.cab
   
   replace file.cab with whatever you want to call the file, as long as the name ends in .cab
    

Part Three - Deploy the cabinet file

You have a couple of ways that you can deploy the finished cabinet file.

1. Simply copy it to the device and tap on the file. It will be automatically installed.
2. Make the file downloadable from a web site, perhaps your internal intranet.
   If you already have an SSL secured site, then you can take advantage of Pocket Internet Explorer being more forgiving over SSL certificates. Simply put a link to the cabinet file on to the SSL secured web site and give the URL to the users. They enter the link in to PIE, skip the warning and then tap on the cabinet file. It will be downloaded and installed automatically.