A few weeks ago I wrote about constructing CertificateStore XML by hand. You have to open up the certificate in the browser, and export it as base64 XML, and it's a pain.
Here's a Powershell script that makes it much easier. Just pass it the name of a certificate file on the command line and it will output XML to add the certificate to the ROOT store. Then you can turn the XML into a CAB file, or add it to install XML, or process it in your application.
# CertificateStore template for adding a ROOT cert$certAddString = @"<wap-provisioningdoc> <characteristic type="CertificateStore"> <characteristic type="ROOT"> <characteristic type="{0}"> <parm name="EncodedCertificate" value=" {1} "/> </characteristic> </characteristic> </characteristic> </wap-provisioningdoc> "@
# Load in a .CER file from the command line$cert = get-pfxcertificate $args[0]
# get the thumbprint$certHash = $cert.GetCertHashString()
# Convert the encoded blob to base64 text$encodedCertificate = [Convert]::ToBase64String($cert.GetRawCertData())
# print those into our WAP xml template$outXml = $certAddString -f ($certHash, $encodedCertificate)
# finished - write the XML to the outbound pipelinewrite-object $outXml