Using Test Certificates During Development (Compact 2013)

3/28/2014

During development of your product, you can use test certificates to validate the signing and verification of binaries. You can then use these test certificates to sign debugging and development tools. By having separate test and shipping certificates, you can better manage and control the security of the certificates that the device is shipped with.

To use test certificates

  1. Place all the certificates together in a file named Ciroots_test.p7b.

  2. Put the Ciroots_test.p7b file in the FILES folder of the project or platform for the OS design.

  3. Set the variable IMGTESTCERTS=1 to tell the build system to include the Ciroots_test.p7b file, not the regular Ciroots.p7b file.

Example

You can also use the IMGTESTCERTS variable to direct signtool.exe to use the specific test certificate by changing the BUILDSIGN_CERTPATH or BUILDSIGN_CMDLINE variables to point to the test certificate path or test certificate name on the desktop computer.

If IMGTESTCERTS=1
  BUILDSIGN_CERTPATH=c:\certificates\codesign\TestCerts\TestCert1.pfx
Else 
  BUILDSIGN_CERTPATH=c:\certificates\codesign\ShipCerts\Trusted.pfx
Endif

See Also

Tasks

Signing Binaries
Adding Certificates to the Code Integrity Store

Other Resources

Security Loader