WP7CertInstaller 1.0.0.0 Prerequisites

WP7CertInstaller requires the Windows Phone Developer Tools along with the Windows Azure Tools for VS2010 1.3.  If you don’t have the Azure Tools installed you can uncomment the “#define NoAzureSDKInstalled” conditional compilation symbol at the top of WP7CertInstaller’s X509CertController.cs file, remove the reference to Microsoft.WindowsAzure.ServiceRuntime, and forgo using Azure by only deploying to IIS.

An SSL binding on the website you're using is required.  The Visual Studio web server (Cassini) does not support SSL so ensure the “Internet Information Services” Windows feature is turned on, i.e. IIS and ASP.NET are installed on the server you deploy WP7CertInstaller to.

The WP7CertInstaller project’s startup properties are set to use the localhost IIS web site.  When you initially open the project Visual Studio will prompt asking to create the WP7CertInstaller virtual directory in IIS; click the Yes button:

If you don’t see the dialog and the WP7CertInstaller project is unavailable then you can right clicking the project and select “Reload Project”.  Visual Studio will let you know what is preventing the project from loading.  On my server I got the following dialog and performing the instructions allowed me to reload the project.

Ensure the bindings of the website you’re using has an SSL certificate name matching your website’s host name.  WP7CertInstaller is coded to access localhost so either use an SSL certificate issued to localhost or modify the CertificateUrl string in MainPage.xaml.cs within the WP7CertInstallerExample project.

If you want to use localhost you can create a self-signed certificate using the following MakeCert command from within a Visual Studio Command Prompt window which you open using “Run as administrator”.

makecert -r -pe -n "CN=localhost" -b 01/01/2000 -e 01/01/2036 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

“Run as administrator” is important or you’ll receive an error since the command is inserting the certificate into the Local Computer’s Personal Certificates folder.  Within MMC’s Certificate snap-in it looks like this:

From within the MMC Certificate snap-in copy and paste the localhost certificate to the Trusted Root Certification Authorities folder, which is directly below the Personal folder shown above.  This enables both IIS to use the localhost certificate for SSL and the browser to trust it.  Additionally WP7CertInstaller is written to enable download from the Trusted Root Certification Authorities folder when running outside of Azure.

Now you can configure the site’s https binding in IIS Manager to use the certificate; the important places to click are highlighted below.  If you don’t see https listed then click the Add button instead of Edit.

Now on to an explanation of how WP7CertInstaller works.