1 out of 2 rated this helpful Rate this topic

CertInstaller Tool

Windows Mobile 6.5

4/8/2010

The CertInstaller command line tool (CertInstaller.exe) enables applications to script certificate installation operations.

Note:
Do not use the CertInstaller tool for standard certificate installation. Instead, click the certificates in the file explorer, as described in the Certificate Installer.

The CertInstaller tool (CertInstaller.exe) enables installation of certificates via various file formats:

.PFX/.P12 – Public-Key Cryptography Standards #12 (PKCS #12) format files that include personal certificates with private keys as well as certificates that install into the intermediate and root certificate stores.
.CER – Base64-encoded or DER-encoded X.509 certificates that install into the intermediate and root certificate stores.
.P7B - Public-Key Cryptography Standards #7 (PKCS #7) format files that install multiple certificates to certificate stores on the device.

The primary use of the CertInstaller tool is to enable certificate deployment to devices in an environment that utilizes third party vendor PKI/enrollment. The CertInstaller tool installs certificates into the HKCU (Current user) “CA” and “ROOT” certificate stores while still running under SECROLE_USER_AUTH.

Syntax

Copy


certinstaller.exe [-p Password] [-silent] [-csp Provider] <CertFile>

Parameters

-p Password

The password to open the .PFX file.

Note:
If you do not specify a password, the user will need to enter it in the Password UI.

If the password has a space around it, enclose the password in double quotes. If the password contains double quotes or backslashes those must be escaped with a backslash. For example,

My password -> “My password”

My\password -> My\\Password

My”Password -> My\”Password

The best practice is to always double-quote the password, but it is only required when there is a space.

MyPassword -> “MyPassword”.

-silent: No UI will be shown from CertInstaller. However, if a root certificate is being added to the ROOT store, the user will receive a prompt to install the certificate.

-csp Provider

Specifies the Cryptographic Service Provider to use.

Note:
If you do not specify the Provider, the default provider in the registry will be used. If none is in the registry, the default provider, determined by CAPI, will be used.

CertFile: Specifies the location and filename of the .PFX, .P12, .P7B or .CER file to import.

Remarks

The CertInstaller tool is required mostly for the following cases:

Adding an S/MIME decryption certificate to the device that is used across multiple machines that all access the same e-mail account
Deployments that cannot leverage Windows Mobile Certificate Enroll because they do not use a Windows Certificate Server
Some high security organizations that generate all private keys on a special key generation server

PKCS12 files include personal certificates with private keys as well as certificates that install into the intermediate and root certificate stores.

Reference

Certificate Installer

Did you find this helpful? Yes No

Not accurate

Not enough depth

Need more code examples

(1500 characters remaining)

Community Content Add

FAQ

Where to find the certinstaller.exe

Searched everywhere on the internet can't find the certisntaller.exe anywhere?

History

5/10/2011
siskos