11/11/2008

Mobile Device Manager (MDM) Device Management Server, the software-publishing computer, and the managed Windows Mobile device must trust the signed .cab package in order to continue with the software preparation and distribution process. This requires that you install the certification authority certificate in the appropriate certificate stores on every hardware platform. To complete this for MDM Device Management Server and the software-publishing computer, you must export the public certification authority certificate from your domain enterprise certification authority, and then import it into the trusted root stores. For the managed Windows Mobile device, you must install the certification authority certificate in the Software Publisher Certificate (SPC) store and the Privileged Execution Trust Authorities store through Group Policy. For information about certificates in Windows Mobile, see Certificates for Windows Mobile at this Microsoft Web site: http://go.microsoft.com/fwlink/?LinkId=114083.

MDM Device Management Server and Publishing Computer

The following steps describe how to export the certification authority certificate from your domain enterprise certification authority.

To export the certification authority certificate

  1. On the domain-joined server, open Internet Explorer and then type the URL for your certification authority. For example, if you received the server certificate from the certification authority that you configured earlier, type http://<server_name>/certsrv.

  2. Choose Download a CA certificate, certificate chain, or CRL, and then on the following page, choose Download CA certificate. In the File download box, choose Save this file to disk, and then choose OK.

  3. In the Name box, type a server certificate name, for example, certnewca.cer. Save the file to the desktop.

Important:
If this certificate is already available in the certificate store on a server or desktop, you can export it by using MMC.

The following steps describe how to import the certification authority certificate into the Trusted Root Certification Authorities store.

Important:
You must import the certification authority certificate into the Trusted Root Certification Authorities store for both MDM Device Management Server and the software-publishing computer.

To import the certification authority certificate

  1. On the computer that is running MDM Device Management Server, or on the publishing computer, open MMC with the Certificates snap-in added.

    Note:
    When you create the snap-in for Certificates, make sure that you select the Computer Account option and not the Service or User options.

  2. Expand Trusted Root Certification Authorities, right-click Certificates, select All Tasks, and then select Import.

  3. On the Welcome to the Certificate Import Wizard, choose Next.

  4. On the File to Import page, choose Browse and locate the certification authority certificate that you recently imported, and then choose Next.

  5. On the Certificate Store page, make sure that you select Place all certificates in the following store and that Trusted Root Certification Authorities is visible in the Certificate Store section. Choose Next.

  6. Choose Finish to close the program.
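
The import procedure above can also be scripted. The following PowerShell script is an added example, not part of the original documentation: it checks the exported file before trusting it and then adds it to the Computer Account's Trusted Root Certification Authorities store. The thumbprint comparison and CA check are additions, the thumbprint value is a placeholder that you replace with the value read on the certification authority itself, and the file path assumes the name and location used in the export procedure.

```powershell
# Added example (not from the original page): verify the exported CA
# certificate, then add it to the Computer Account's Trusted Root store.
# Run elevated on MDM Device Management Server and on the publishing computer.
param(
    [string]$CerPath = "$env:USERPROFILE\Desktop\certnewca.cer",
    # Placeholder: replace with the thumbprint read on the CA itself.
    [string]$ExpectedThumbprint = '<CA_CERT_THUMBPRINT>'
)
$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

$cert = New-Object "$x509.X509Certificate2" $CerPath

# 1. The file was downloaded over HTTP from /certsrv, so compare its
#    thumbprint with the value obtained from the CA out of band.
$want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $want) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
}

# 2. The certificate must be a CA certificate and currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not $bc -or -not $bc.CertificateAuthority) {
    throw 'Basic constraints do not mark this as a CA certificate.'
}
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# 3. Add to LocalMachine\Root (the Computer Account store, not the
#    Service or User store) and confirm that it is present.
$store = New-Object "$x509.X509Store" 'Root', 'LocalMachine'
$store.Open('ReadWrite')
try {
    $store.Add($cert)
    $found = $store.Certificates.Find('FindByThumbprint', $cert.Thumbprint, $false)
    if ($found.Count -eq 0) { throw 'Certificate was not added to the store.' }
    "Trusted root installed: $($cert.Subject) [$($cert.Thumbprint)]"
}
finally {
    $store.Close()
}
```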

Windows Mobile Powered Managed Device

You must import and install the .cer file for the managed Windows Mobile device in the SPC store and in the Privileged Execution Trust Authorities store. You can do this through the Group Policy Management Console (GPMC) on a computer or server that has the Group Policy Extensions installed. Use the following two procedure sets to complete this process.

The following steps describe how to import the certificates to the managed device stores.

To import the certificates to the SPC and Privileged Execution Trust Authorities store

  1. In the GPMC, locate the organizational unit (OU) for the managed devices. Right-click the OU and then select Create and link a GPO here.

  2. On the New GPO page, type a name for the Group Policy object and then choose OK.

  3. In the mobile devices OU list, select the newly created policy. Right-click the policy and then choose Edit.

  4. In the Group Policy Object Editor dialog box, expand Windows Mobile Settings.

  5. Right-click Certificates and then select Import Certificates.

  6. In the Import Certificate dialog box, locate the .cer file that you want to import.

  7. In the drop-down list, select the SPC (Manager) store.

  8. Choose OK. The certificate is added to the list of certificates that is displayed in the details pane. The Action column will indicate Do Nothing.

  9. Repeat steps 6 through 9 to import the .cer file into the Privileged Execution Trust Authorities store. The details pane displays both stores with the certification authority certificate imported. Do not close the Group Policy Object Editor dialog box and go to the next procedure.

The following steps describe how to install the certificates in the SPC store and in the Privileged Execution Trust Authorities store.

To install the certificates

  1. In the Group Policy Object Editor dialog box, on the Certificates page, the certificates that you imported in the previous procedure appear in the details pane. Right-click each certificate that you want to install, SPC and Privileged Execution Trust Authorities, and then choose Install on Device.

  2. Confirm the selection by verifying that the Action column indicates Install.

  3. Close the Group Policy Object Editor dialog box.
