My company is interested in buying a code signing certificate. Our application actually consists of 2 complementary components: a desktop application and a Windows Mobile application designed to run on PDAs. Currently our mobile install (via CAB file) triggers the security prompts in Windows Mobile 6 and it is confusing to our users. We want to eliminate those security warnings.
I’ve read as much as I can about code signing and digital IDs, and I think your certificates would be fine for signing our desktop application. But I’m not so sure it’s going to fix our Windows Mobile problem.
According to this Microsoft article (Certificates for Windows Mobile 5.0 and Windows Mobile 6 | Microsoft Learn), Windows Mobile 6 comes with preinstalled root certificates for Comodo (AAA Certificate Services and AddTrust External CA Root). Indeed, I see these entries when I look at the Certificates control panel on my PDA. But I don’t see them listed when I browse the certificate stores via Visual Studio’s Mobile Security Manager; and it is in one of those stores (Privileged, Standard, and SPC) that a certificate must be to quiet the installation and execution security prompts. At least, this is my understanding.
So I’m seeking clarification on whether or not a code signing certificate from you will accomplish our goal. Keep in mind we do not want to provision any devices or install certificates to the device. We want to sign the CAB and code and forget about it.
I hope you can help me sort all of this out. This has turned out to be a lot more confusing than I anticipated it to be.
Regards,
Chris Bono
Saxaan Software