This web page and, above all, the source code published here are another way of doing what Jacco de Leeuw explains on his site, Pocket PC 2003 Personal Certificate Import Utility.
When we wanted to connect a Pocket PC to an L2TP/IPSec VPN server we found two problems:
1.- The first one was that versions prior to Windows Mobile 2003 (premium version) did not support IPSec, so we had to look for software developed by a private company. The disadvantage is that such software may not work the way you really need (e.g. IPSec without certificates) or may not be in the language you use, so you have to wait until it is finished or fixed. Apart from that, it is almost never free software.
With Windows Mobile 2003 (premium version only; be careful, because the professional version does not support L2TP/IPSec VPN) you can configure an L2TP/IPSec connection using certificates, which was exactly what we needed.
2.- The second problem was importing the certificates into the PPC. We needed to import a CA certificate and a personal certificate (certificate + private key). There was no problem with the CA certificate because it does not contain a private key, so the PPC lets you import it (the code nevertheless shows how to do this programmatically). The personal certificate is different: the only tool this OS offers for importing it is the "Enroll" tool, which was not what we needed because we were not using a Microsoft CA. So the only solution was to program this ourselves.
A few months ago, I published source code at Codeguru that does this for the rest of the Microsoft operating systems (Security Certificate Treatment with CryptoAPI), and this new tool is not very different from it. The difference is that we have to change the format of the personal certificate before importing it: we split it into the private key and the associated certificate and then import them separately. After importing the private key and the associated certificate, we have to link the certificate to the CSP where the private key was imported.
To import the private key we need it in PVK format, which we obtain with Stephen Henson's PVK tool, and to process the original PKCS12 certificate we need OpenSSL (either the Win32 or the Unix version). Steps:
We decrypt the PKCS12 file and extract the private key (the -nodes option leaves it unencrypted in private.pem):
1.- openssl pkcs12 -nocerts -nodes -in cert.p12 -out private.pem
We get the certificate in PEM format:
2.- openssl pkcs12 -clcerts -nokeys -in cert.p12 -out cert.pem
We convert the PEM private key to PVK format:
3.- pvk -in private.pem -topvk -nocrypt -out private.pvk
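A check that can be run on private.pvk after step 3 and before the file is copied to the device, given here as an added example that is not part of the original project: it confirms the file is an unencrypted RSA PVK, as -nocrypt should produce, and reports the key type and size. The function names and the all-zero sample are constructed for illustration, and the layout assumed is the commonly documented PVK one (a 24-byte header followed by a CryptoAPI PRIVATEKEYBLOB).

```python
import struct
from pathlib import Path

# Assumed layout: six little-endian DWORDs (magic, reserved, key type,
# encrypted flag, salt length, key length), then the PRIVATEKEYBLOB.
PVK_MAGIC = 0xB0B5F11E        # PVK file signature
PRIVATEKEYBLOB = 0x07         # CryptoAPI blob type for a private key
RSA2_MAGIC = 0x32415352       # ASCII "RSA2", marks an RSA private key blob
KEY_TYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}

def check_pvk(data: bytes) -> dict:
    """Validate an unencrypted RSA PVK file; raise ValueError otherwise."""
    if len(data) < 24:
        raise ValueError("too short for a PVK header")
    magic, _reserved, keytype, encrypted, saltlen, keylen = struct.unpack_from("<6I", data, 0)
    if magic != PVK_MAGIC:
        raise ValueError("not a PVK file (bad magic)")
    if encrypted or saltlen:
        raise ValueError("key is encrypted, but step 3 uses -nocrypt")
    if keytype not in KEY_TYPES:
        raise ValueError(f"unknown key type {keytype}")
    blob = data[24:]
    if len(blob) != keylen or keylen < 20:
        raise ValueError("key length field does not match file size")
    btype, _ver, _res, _alg, rsa_magic, bitlen, pubexp = struct.unpack_from("<BBHIIII", blob, 0)
    if btype != PRIVATEKEYBLOB or rsa_magic != RSA2_MAGIC:
        raise ValueError("payload is not an RSA PRIVATEKEYBLOB")
    # 20 header bytes, then modulus and d (nbyte each) plus five CRT values (hnbyte each)
    nbyte, hnbyte = (bitlen + 7) // 8, (bitlen + 15) // 16
    if keylen != 20 + 2 * nbyte + 5 * hnbyte:
        raise ValueError("blob size inconsistent with RSA bit length")
    return {"key_type": KEY_TYPES[keytype], "bits": bitlen, "public_exponent": pubexp}

def make_sample_pvk(bits: int = 512, encrypted: int = 0) -> bytes:
    """Constructed sample: valid headers, all-zero key material (not a real key)."""
    body = bytes(2 * (bits // 8) + 5 * (bits // 16))
    blob = struct.pack("<BBHIIII", PRIVATEKEYBLOB, 2, 0, 0xA400, RSA2_MAGIC, bits, 65537) + body
    return struct.pack("<6I", PVK_MAGIC, 0, 1, encrypted, 0, len(blob)) + blob

if __name__ == "__main__":
    import sys
    # Pass the path to private.pvk, or run without arguments to use the sample.
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else make_sample_pvk()
    print(check_pvk(data))
```
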
Once we have done this, we copy these files to the Pocket PC (the code below assumes that the files are in the Pocket PC temp folder) and then we can import them with the code that follows. This code is for "eMbedded Visual C++ 4.0", and to compile it we have to link with "Crypt32.lib" in the Project settings.
Here is the complete project. The code written by us and published here is free software, released under the BSD license.
If you want to use the source code just open it with "eMbedded Visual C++ 4.0" and compile it.
Kiko Vives Aragonés and Antonia Saez Bernal
February 20, 2004