Importing a home-grown certificate onto Windosw Mobile 5 from SBS 2003 server for activesync

I'm going round and round in circles here, and I suspect part of the problem is that the procedure has changed for the latest versions of activesync (4.1) and SBS2003 exchange with current service packs.  Anyway, I am trying to get my PDA/Phone to do activesync with my PC for with the exchange server (latter using wireless network).  result: The security certificate on the server is invalid. contact yuor adminsitrator etc etc.

I created my own certificate on the server (don't remember the process now) and I think all that is required is to export it from the server, and import it onto the phone....... but cannot for the life of me find out how to do it.  I came across a tool but this seems to be for previous versions.  Someone able to simplify this minefield for me please?
MegabenAsked:
Who is Participating?
 
SaineolaiConnect With a Mentor Commented:
Have a read of this Microsoft Blog it exlains your options on WM 5.

http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx
0
 
suppsawsConnect With a Mentor Commented:
Hi Megaben,

The certificate is created through the ICW (internet connection wizard) on the server management tool.
You can find the certificate under \ClientApps\SBScert on your server
Copy that cert to you phone, and doubleclick it.
Make sure you are using your FQDN or external IP on the ICW wizard (you can always rerun it is necessary)
If you phone still doesn't accept the cert, please let me know, I have another method for it to work.

Cheers!
0
 
MegabenAuthor Commented:
Thanks suppsawa, found original certificate and copied it to the phone 1st, didn't work.  created a new one with the external address and same problem.

I'm not sure if the certificate needs to be copied to anywhere in particular, I put it in the windows\activesync folder, however the ror in both cases was "cannot access certificate"
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
SaineolaiCommented:
Which version of Windows Mobile are you using 2003, 2003 second edition, 2005 etc?  
0
 
SaineolaiCommented:
sorry just reread the title!  
0
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
It's really not a minefield... if you've deployed ActiveSync through your SBS then you should have a "Configure Mobile Device" link under Start > All Programs > Small Business Server Tools.  Connect your device to your PC and then run this configuration tool, which should automatically install the proper certificate.

Details about this are here:  http://www.microsoft.com/technet/itsolutions/smbiz/sitmob/sitmob_6.mspx

HOWEVER... your mobile provider/device may not recognize self signed certificates... as an example:
http://msmvps.com/blogs/bradley/archive/2006/05/01/93136.aspx

In that case you can either get a 3rd party certificate, or if you aren't concerned with the security issue, you can disable the certificate check:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en

Jeff
TechSoEasy


0
 
SaineolaiCommented:

As far as I know the disable cert check tool will not work on Windows Mobile 2005.  Have you had a different experience of this tool TechSoEasy?
0
 
MegabenAuthor Commented:
TechSoEasy - I'm sure disable cert check wont work on WM5, more interesting was your "Configure MobileDevice" link - but I can't see that anywhere on the server - you seem to suggest Deploy Active Sync thru SBS...what does this mean?  I don't recall doing anything on the server relating to activesync - the user properties etc under active directory/exhange features are set to enabled for all mobile access options...is there a step I've missed here?
0
 
SaineolaiCommented:
The configure mobile device link should be on the client if you have assigned ActiveSync when adding users and pcs to the network through the add users and computers wizard.

0
 
Jeffrey Kane - TechSoEasyConnect With a Mentor Principal ConsultantCommented:
0
 
MegabenAuthor Commented:
Well I got it to work, with a combination of suggestions from above and info gleaned from the various articles in the links.  Bottom line was to use the Windows XP PC I.E. to export the certificate, and then copy that to the PDA - double-clicking then installed the certificate happily (as opposed to the one created on the server, whcih it would not accept)

Thanks all,

Ben
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.