1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

How to add your own root cert via CAB file

This post will explain how to install a root cert on a one tier device via a CAB file. You need to install root cert via CAB file for many tier one mobile. You may need to install certs with Exchange ActiveSync. This method will work for any one-tier prompt device, including the Treo 700W and Motorola Q.

Open up the cert in explorer. You can do this by double clicking the .cer file, using the MMC snapin, or clicking through the SSL lock UI in IE.

If this is a certificate chain, then examine the root cert. adding the leaf cert to the root store will not work.

Look at the thumbprint of the certificate. Save this string because you will need it later.

sslcertificate
sslcertificate
ssl-certificate
ssl-certificate

If you don’t have the certificate on disk already, select “Copy Certificate” to export the certificate to the file system in Base-64 format.

certificate-export
certificate-export
ssl-certificate-xml
ssl-certificate-xml

Construct certificate XML using the store, thumbprint, and base64 encoded certificate blob. The XML for our example case would look like this:

<wap-provisioningdoc>
<characteristic type=”CertificateStore”>
<characteristic type=”ROOT” >
<characteristic type=”198d82085972f50ae233f12e9e33456a33a83b34″>
<parm name=”EncodedCertificate” value=”
MIIDUzCCArygAwIBAgIDCeH5MA0GCSqGSIb3DQEBBAUAMFoxCzAJBgNVBAYTAlVT
MRwwGgYDVQQKExNFcXVpZmF4IFNlY3VyZSBJbmMuMS0wKwYDVQQDEyRFcXVpZmF4
IFNlY3VyZSBHbG9iYWwgZUJ1c2luZXNzIENBLTEwHhcNMDgxMTEwMjE1OTA1WhcN
MDkxMjExMjE1OTA1WjCBwjELMAkGA1UEBhMCVVMxHDAaBgNVBAoTE3d3dy50aGVz
c2xzdG9yZS5jb20xEzARBgNVBAsTCkdUMDg1NTAxOTMxMTAvBgNVBAsTKFNlZSB3
d3cucmFwaWRzc2wuY29tL3Jlc291cmNlcy9jcHMgKGMpMDgxLzAtBgNVBAsTJkRv
bWFpbiBDb250cm9sIFZhbGlkYXRlZCAtIFJhcGlkU1NMKFIpMRwwGgYDVQQDExN3
d3cudGhlc3Nsc3RvcmUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1
gtD9n+VrGNIm0UFk4b1ylcijRSMP1L79r4JhMGa/s7zzdIvlspYccm8F7lrYFzz/
0GLw7Ui/QqaS+7R7T+k6nTGTSJBTmzg3MBSeL+8JXfrYdtjpSrcUKbODO1b1zFtW
68yTUMXhkIDp8Qpe1zGL1KMtgwCtGkVlWXhwLJXg3QIDAQABo4G9MIG6MA4GA1Ud
DwEB/wQEAwIE8DAdBgNVHQ4EFgQUihU5RlbYr+BgOtV79hx0u7F+9o8wOwYDVR0f
BDQwMjAwoC6gLIYqaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9nbG9iYWxj
YTEuY3JsMB8GA1UdIwQYMBaAFL6ooHRyUGtEt8kj2Puo/7NXa2hsMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEB
BAUAA4GBAGk7/w54dxzguO36MxSETEoe2nL+n9IJXuZ00A/fYGE2C+IOVWCZQRTO
l4jnneCmpUR2azyNidvnHuOKZE/SOZX6SIlBel+tmO9wsQy0f6w2ZZWE50jzkbeK
MkurBhVNocsnpM1CYfWU5c9p6ZSg4Z0Em3XmtXW2L0BDjmEQF7qg/”/>
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>

Save the XML file as _setup.xml and make it into a cab file: makecab _setup.xml rootcert.cab

wildcard-certificate
wildcard-certificate

Now install the cab file on the device. You’re done!