Certificate Improvements in Windows Mobile 6

As faithful blog readers already know, there were several limitations related to certificates that caused tons of customer pain on WM5. Now that WM6 is public, it gives me great pleasure to announce the following changes that we made in WM6:

  • Certificate Installer built into the platform
    • Installs CER, P7B, and PFX files
    • No more Access Denied messages.
    • Installs certs to the ROOT, Intermediate, and MY store
  • Wildcard Certificate support for SSL


Thanks for all your input and feedback on these issues. Several of the work items and design decisions involved in this were shaped or prioritized directly due to your feedback.


Some other minor tidbits:

  • The Intermediate ("CA") store shows up in the control panel now
  • Even more root certs installed by default
  • Delete will work from the control panel on any user-installed certs

Technical crunchy bits:

We added HKCU versions of the ROOT and CA stores where previously there was only the HKLM version. These stores don't require special trust to access - they can be accessed via unsigned code,  RAPI or any other method. The new certificate installer (CertInstaller.exe) installs certs into those stores.