Mobile Device Manager (MDM) Device Management Server, the
software-publishing computer, and the managed Windows Mobile device
must trust the signed .cab package in order to continue with the
software preparation and distribution process. This requires that
you install the certification authority certificate in the
appropriate certificate stores on every hardware platform. To
complete this for MDM Device Management Server and the
software-publishing computer, you must export the public
certification authority certificate from your domain enterprise
certification authority, and then import it into the trusted root
stores. For the managed Windows Mobile device, you must install the
certification authority certificate in the Software Publisher
Certificate (SPC) store and the Privileged Execution Trust
Authorities store through Group Policy. For information about
certificates in Windows Mobile, see
Certificates for Windows Mobileat this Microsoft Web site:
MDM Device Management Server and Publishing Computer
The following steps describe how to export the certification authority certificate from your domain enterprise certification authority.
To export the certification authority certificate
-
On the domain-joined server, open Internet Explorer and then type the URL for your certification authority. For example, if you received the server certificate from the certification authority that you configured earlier, type http://<server_name>/certsrv.
-
Choose Download a CA certificate, certificate chain, or CRL, and then on the following page, choose Download CA certificate. In the File downloadbox, choose Save this file to disk, and then choose OK.
-
In the Namebox, type a server certificate name, for example, certnewca.cer. Save the file to the desktop.
Important: |
---|
If this certificate is already available in the certificate store on a server or desktop, you can export it by using MMC. |
The following steps describe how to import the certification authority certificate into the Trusted Root Certification Authorities store.
Important: |
---|
You must import the certification authority certificate into the Trusted Root Certification Authorities store for both MDM Device Management Server and the software-publishing computer. |
To import the certification authority certificate
-
On the computer that is running MDM Device Management Server, or on the publishing computer, open MMC with the Certificates snap-in added.
Note: When you create the snap-in for Certificates, make sure that you select the Computer Accountoption and not the Serviceor Useroptions. -
Expand Trusted Root Certification Authorities, right-click Certificates, select All Tasks, and then select Import.
-
On the Welcome to the Certificate Import Wizard, choose Next.
-
On the File to Importpage, choose Browseand locate the certification authority certificate that you recently imported, and then choose Next.
-
On the Certificate Storepage, make sure that you select Place all certificates in the following storeand that Trusted Root Certification Authoritiesis visible in the Certificate Storesection. Choose Next.
-
Choose Finishto close the program.
Windows Mobile Powered Managed Device
You must import and install the .cer file for the managed Windows Mobile device in the SPC store and in the Privileged Execution Trust Authorities store. You can do this through the Group Policy Management Console (GPMC) on a computer or server that has the Group Policy Extensions installed. Use the following two procedure sets to complete this process.
The following steps describe how to import the certificates to the managed device stores.
To import the certificates to the SPC and Privileged Execution Trust Authorities store
-
In the GPMC, locate the organizational unit (OU) for the managed devices. Right-click the OU and then select Create and link a GPO here.
-
On the New GPOpage, type a name for the Group Policy object and then choose OK.
-
In the mobile devices OU list, select the newly created policy. Right-click the policy and then choose Edit.
-
In the Group Policy Object Editordialog box, expand Windows Mobile Settings.
-
Right-click Certificatesand then select Import Certificates.
-
In the Import Certificatedialog box, locate the .cer file that you want to import.
-
In the drop-down list, select the SPC (Manager)store.
-
Choose OK. The certificate is added to the list of certificates that is displayed in the details pane. The Actioncolumn will indicate Do Nothing.
-
Repeat steps 6 through 9 to import the .cer file into the Privileged Execution Trust Authorities store. The details pane displays both stores with the certification authority certificate imported. Do not close the Group Policy Object Editordialog box and go to the next procedure.
The following steps describe how to install the certificates in the SPC store and in the Privileged Execution Trust Authorities store.
To install the certificates
-
In the Group Policy Object Editordialog box, on the Certificatespage, the certificates that you imported in the previous procedure appear in the details pane. Right-click each certificate that you want to install, SPCand Privileged Execution Trust Authorities, and then choose Install on Device.
-
Confirm the selection by verifying that the Actioncolumn indicates Install.
-
Close the Group Policy Object Editor dialog box.