
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1118
  • Last Modified:

Push email, Exchange 2003, Smartphone running WM5, 2048 bit certificates


OK here it is. We have a certificate based mail system through Exchange 2003 SP2. Both OMA and OWA work fine using a 2048 bit certificate even on a smartphone.

However, when it comes to trying to Push Mail using ActiveSync, it all goes horribly wrong.

We enter the server details into ActiveSync. It starts the sync process, which prompts for a username and password (even though it should be certificate based). It then throws a 0x85030028 or a 0x85030027 error saying that the certificate on the phone is either not there or invalid. One message was that the client certificate is malformed or invalid.

Have got a root cert installed together with the personal cert. Both of these are home grown and not from Verisign, etc.

Absolutely no idea what to do now except look at an expensive push solution (which I really don't want to do!). Could the reason be anything to do with the 2048 bit strength?

Environment: Windows 2003 (Mixed mode), Exchange 2003 SP2 (Mixed mode), Mobile Access enabled, Orange C600 Smartphone which is unlocked and able to have certificates installed on it, ActiveSync 4.1.

Certificates installed: Personal certificate from local CA. Root Certificate installed directly from CA server from smartphone. Certificate strength: 2048.

Thanks loads in advance.

1 Solution
Have to say that going for a 2048 bit certificate is a bit over the top. Have you tried it with a regular 128-bit certificate?
Plus there will be speed issues - that is an awful lot to encrypt and the Windows Mobile devices are not the fastest processors in the world.

I would ditch the personal certificate and get a cheap SSL certificate from RapidSSL. You still have to import the root certificate, but for US$70 it makes things so much easier.

