Export (0) Print
Expand All
Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

Adding Intermediate Certificates to the CA Store

Windows Mobile 6.5
4/8/2010

When a Windows® phone connects to a Web server and authenticates by using Secure Sockets Layer (SSL), the client must validate the server's SSL certificate. In most cases, the certificate chains to a root certificate that the client has specified in the local device root store. For more information, see Certificate Chains.

Even if the client has the correct root certificate for server validation, validation will fail if the client does not have access to the correct intermediate certificates to build the chain.

There are two ways for OEMs to ensure that the Windows® phone has access to the necessary intermediate certificates:

  • Intermediate certificates are stored locally in the CA or ROOT store of the device.
Ff599626.note(en-us,MSDN.10).gifNote:
CA is where intermediate certificates should be stored, but ROOT will also work.
  • The Web server is configured to support SSL 3.0 standard Transport Layer Security (TLS) where the certificate_list provided to the client can include intermediate certificates, in addition to the server's own certificates.

The Internet Information Services (IIS) administrator must add the intermediate certificates to the local machine certificate store with the name "Intermediate Certification Authorities." By adding all the intermediates to this store, IIS (running Secure Channel, or SChannel) will add the intermediate certificates to the certificate list.

Ff599626.note(en-us,MSDN.10).gifNote:
The certificate_list cannot include the root certificate, because it must be included in the local device root store.

Community Additions

Show:
© 2015 Microsoft