This post will explain how to install a root cert on a one tier device via a CAB file. For explanations of why you would want to add a root cert and alternate methods of doing so, see the discussion of root certs with Exchange ActiveSync. This method will work for any one-tier prompt device, including the Treo 700W and Motorola Q.
[8/11/06] An even easier way to create this XML is to use the tool here.
Open up the cert in explorer. You can do this by double clicking the .cer file, using the MMC snapin, or clicking through the SSL lock UI in IE.
If this is a certificate chain, then examine the root cert. Adding the leaf cert to the root store will not work.
Look at the thumbprint of the certificate. Save this string because you will need it later.
If you don't have the certificate on disk already, select "Copy Certificate" to export the certificate to the filesystem in Base-64 format.
Construct certificate XML using the store, thumbprint, and base64 encoded certificate blob. The XML for our example case would look like this:
<wap-provisioningdoc> <characteristic type="CertificateStore"> <characteristic type="ROOT" > <characteristic type="97817950d81c9670cc34d809cf794431367ef474"> <parm name="EncodedCertificate" value="MIICWjCCAcMCAgGlMA0GCSqGSIb3DQEBBAUAMHUxCzAJBgNVBAYTAlVTMRgwFgYDVQQKEw9HVEUgQ29ycG9yYXRpb24xJzAlBgNVBAsTHkdURSBDeWJlclRydXN0IFNvbHV0aW9ucywgSW5jLjEjMCEGA1UEAxMaR1RFIEN5YmVyVHJ1c3QgR2xvYmFsIFJvb3QwHhcNOTgwODEzMDAyOTAwWhcNMTgwODEzMjM1OTAwWjB1MQswCQYDVQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMScwJQYDVQQLEx5HVEUgQ3liZXJUcnVzdCBTb2x1dGlvbnMsIEluYy4xIzAhBgNVBAMTGkdURSBDeWJlclRydXN0IEdsb2JhbCBSb290MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCVD6C28FCc6HrHiM3dFw4usJTQGz0O9pTAipTHBsiQl8i4ZBp6fmw8U+E3KHNgf7KXUwefU/ltWJTSr41tiGeA5u2ylc9yMcqlHHK6XALnZELn+aks1joNrI1CqiQBOeacPwGFVw1Yh0X404Wqk2kmhXBIgD8SFcd5tB8FLztimQIDAQABMA0GCSqGSIb3DQEBBAUAA4GBAG3rGwnpXtlR22ciYaQqPEh346B8pt5zohQDhT37qw4wxYMWM4ETCJ57NE7fQMh017l93PR2VX2bY1QY6fDq81yx2YtCHrnAlU66+tXifPVoYb+O7AWXX1uw16OFNMQkpw0PlZPvy5TYnh+dXIVtx6quTx8itc2VrbqnzPmrC3p/"/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc>
Save the XML file as _setup.xml and make it into a cab file: makecab _setup.xml rootcert.cab
Now install the cab file on the device. You're done!