Personal Certificate Import Utility for Pocket PC
2003 and Windows
Jun 11, 2007
I have made three programs for Pocket PC 2003, Windows
Mobile 5.0 and Windows Mobile 6. These are P12imprt,
and Crtimprt. See below for a
comparison of the three programs and where to download them. All three
you to import:
A "Personal Certificate" issued by any Certificate Authority (CA).
A private key which corresponds to this certificate.
One, zero or more "Root Certificates".
Once an X.509 personal certificate is installed, you can use it to for
authentication on the Pocket PC. The imported certificate can be used
in the following
User authentication in L2TP/IPsec VPNs (more info).
Web client authentication in Pocket Internet Explorer (SSL,
HTTPS) (more info).
User authentication in 802.1x wireless networks (EAP-TLS only) (more info).
Microsoft Office Communicator Mobile Client (more info).
Sending and receiving encrypted e-mail (S/MIME) (more
Other third-party applications that happen to support personal
2.1 Differences between P12imprt, PFXimprt
I have made three programs, but I recommend P12imprt over the other
two. It is the easiest to use and it runs on Pocket PC 2003,
Windows Mobile 5.0 and Windows Mobile 6. It is a bit larger than the
other programs but
after you have installed your personal certificate you can simply
delete the executable or move it to your Storage Card (flash memory).
The following table compares the features of my three programs. They
are also compared to other methods supported by Microsoft:
In my opinion P12imprt has its advantages over
the other programs. PPCCertImport
by Kiko Vives
Aragonés and Antonia Saez Bernal is similar to Crtimprt, only it
is not based on Microsoft source code and it has a BSD-style licence.
I have not yet tried the certificate enrolment in Vista Mobile Device
Center. Apparently it requires Exchange server which increases the
cost of ownership.
(Sorry, I am not good at inventing names for programs. All my three
programs basically do the same thing and I came up with equivalent
2.1. Web enrolment, the MSFP update and ActiveSync 4.5
Web enrolment is the only method that is officially supported by
Microsoft. There are a number of implementations that can be used for
program or the
enrolment client included with the MSFP update.
and Security Feature Pack for Windows Mobile 5.0" (MSFP) is an AKU2
Windows Mobile 5.0 devices. More recent devices ship with this
update on board. The MSFP update add support for
S/MIME and it includes a web enrolment client which allows the Windows
Mobile 5.0 device to enrol for a personal certificate using an
Desktop ActiveSync connection to a PC. However, I have not been able to
get this working. There is some documentation but the setup is finicky
and difficult to troubleshoot.
ActiveSync 4.5 has a new "Get Device Certificates" menu option.
It works only with Windows Mobile 6 devices. The menu option remains
ghosted with other devices.
A third-party program called PKI
Companion by winlinx is available. I don't have much information on
it. They have not responded
to my repeated attempts to contact them, so I assume they are no longer
interested in offering their product on the market.