Jaa

What certificate are you using for your Exchange server?

  • Artikkeli

I'm trying to gather some additional data to help address this problem. If you've had trouble syncing to the exchange server because you couldn't add root certs, can you please give me this information:

- Was this a self-signed certificate or was it purchased from an SSL vendor?

- If purchased, from which vendor?

- Did the CAB file method help you out? If not, what device do you have? I believe that method will work for most devices in the market, but I'm interested to know if any shipped in a configuration where that won't work and the operator/OEM haven't provided a solution.

Thanks for your input - my team has been working on solving this problem for future releases for quite some time now, but this information will help us further. I'll post the details about our work when the release becomes public information.

 

Thanks,

Scott

Comments

  • Anonymous
    July 06, 2006
    The comment has been removed

  • Anonymous
    July 06, 2006
    The one client I tried this with uses Self-signed SSL certs in an Exchange 2003 environment, and Audiovox phones with WM5 (sorry, I don't recall the model, it was the latest one at the time). We tried several variations on the CAB method described, no luck (This was a few months back, so there may be more info out now that I haven't seen).

    The customer was very disapointed, and ended up returning the phones to the vendor - who promptly put them in a drawer with a bunch of other ones, returned for the very same reason! So I've not had to try again.

    A college of mine has several Windows 2003 SBS boxes with various clients, and could not get any method to work either (Sorry, no details on which phones those were).

    RJ
    Seattle, WA

  • Anonymous
    July 06, 2006
    The comment has been removed

  • Anonymous
    July 06, 2006
    Oops, didn't finish my post. I tried running the exported cert (which wouldn't install, saying it was inaccessible) as well as the cab method shown above, which made no difference in the behavior.

    I have to turn off SSL in my server settings in the MDA in order to get server synchronization to work.

  • Anonymous
    July 06, 2006
    MJG - when you did the cab method, did it succeed? Did the cert show up in the control panel? When you look at the certificate chain in desktop IE, how many certs are there between the root and the server cert?

  • Anonymous
    July 06, 2006
    The comment has been removed

  • Anonymous
    July 07, 2006
    We use a cert from http://cert.startcom.org/ that is free. I just copy the file onto the devices, click on it to install and the smartphone (Cingular 2125) and PDAs (Dell Axims) work great.

  • Anonymous
    July 07, 2006
    scyost: The certificate does indeed show up in the certificate applet.
    Looking at the certification path, our cert (owa.fimc.net) is directly beneath the Equifax Secure Global eBusiness CA-1 cert.

  • Anonymous
    July 09, 2006
    Attempted CAB work around for a verizon XV6700 with a self signed cert.  Activesync still doesn't work.  Only difference I can see between added cert and preloaded root certs is under intended purpose(s).  Added cert says server authentication, preloaded say all purposes.

  • Anonymous
    July 10, 2006
    We use a self-signed cert.  I have a WM5 Smartphone. I had to use a free regedit tool to change some settings for the CAB method to work.

    Now it works fine.

  • Anonymous
    July 13, 2006
    Rory: I have found a few nice little tools that import certs into a WM5 device. It worked for me.

    http://www.jacco2.dds.nl/networking/p12imprt.html
    http://www.jacco2.dds.nl/networking/pfximprt.html
    http://www.jacco2.dds.nl/networking/crtimprt-org.html

  • Anonymous
    July 13, 2006
    I've used a variety of different certificates.

    Tried using self signed ones, but there was no method that I could get to work of putting the root onto an Orange C600...

    there are two InstantSSL root certs, you need to use the GTE one for it to work without changes to the WM5 device. I've also used the cheap certificate from Godaddy which is also in the built in root certs.

  • Anonymous
    July 13, 2006
    The comment has been removed

  • Anonymous
    July 14, 2006
    FreeSSL certificate
    Cingular 2125

  • Anonymous
    August 14, 2006
    I'm using a self-signed cert from Windows Certificate Server on Exchange 2003 an WM2003SE. Haven't had any problems once I loaded the root public cert onto the device.

  • Anonymous
    August 23, 2006
    The comment has been removed

  • Anonymous
    August 27, 2006
    I use a cert from my own CA, and I install it via the https://my.domain.com/certsrv interface. Works like a charm every single time.

    This is on both a WM2003 and WM5 PocketPC Phone, and I've installed the cert from both inside and outside my network. It's wonderful to be able to completely wipe the memory on the phone and have it back to the same status in about 20 minutes. (Assuming I've got my SD card with all my PPC software with me)

  • Anonymous
    August 31, 2006
    The comment has been removed

  • Anonymous
    September 23, 2006
    The comment has been removed

  • Anonymous
    October 22, 2006
    We use Startcom free SSL cert. The Root cert did install with the cab file method on a Qtek 9100 (AKU2) that was not locked. The intermediate cert did NOT install with the cab method, regardless if designated CA or ROOT in the _setup.xml file. Luckily both certs did install just by clicking on them (.cer).

  • Anonymous
    November 09, 2006
    Hi, There is a known issue where wildcard certificates are not supported.  This support should be added to WM5 and future devices.

  • Anonymous
    November 27, 2006
    The client auth bug that rain man mentions above is actually fixed in one of the AKU3 drops. (there are several flavors of AKU3)

  • Anonymous
    December 17, 2006
    Here you go: http://www.granitetek.com/faqs.htm This will walk you through syncing wm5 using non-std ssl certs

  • Anonymous
    March 13, 2007
    Equifax Secure Global eBusiness CA-1 exchange 2003, my moto q will not install the cert, not the cab version, it said security permissions were insufficient or Installation was unsuccessful.

  • Anonymous
    July 01, 2008
    I use rapidSSL and try to import the Geotrust "Root 5 - Equifax Secure Global eBusiness CA-1" needed for that certificate to be able to sync with Exchange. Importing the root certificate works great on our WM6 devices but is a pain on WM5 smartphone (HTC MTeor). I still have not got this to work as I am not allowed to install certificates on my device. Nor have I been able to find a regedit app that allows me to save changes made to the registry to disable the installation locks. It is just silly.

  • Anonymous
    September 18, 2008
    I want to download a windows mobile 6.0 certificate. kindly provide me the path for the same on my gmail account.. So i will be greatful to you all.. Thanks & regards Deepak

  • Anonymous
    November 09, 2008
    I have a HTC P4350 smarthone with Windows Mobile version 5. Before I used a self signed certificate which I also imported on my HTC device. This worked very well. No problems with synchronising. I just purchased a equifax certificate for my exchange server. After installing the equifax certificate the HTC device would not synchronise. Evidently this has to do with recognising the new certificate. Strangely enough when connecting with OMA protocol (using the build in internet explorer) the new equifax certificate does work. People in my office with a iPhone 3G device doesn't seem to have any problems with the new equifax certificate and synchronising. I've tried to uninstall (delete) the previous self signed certificate on the HTC devise so it would have no other option than to switch to the equifax certificate. Unfortunately this was no solution. Any ideas how to solve this problem?