[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 377
  • Last Modified:

Importing a home-grown certificate onto Windosw Mobile 5 from SBS 2003 server for activesync

I'm going round and round in circles here, and I suspect part of the problem is that the procedure has changed for the latest versions of activesync (4.1) and SBS2003 exchange with current service packs.  Anyway, I am trying to get my PDA/Phone to do activesync with my PC for with the exchange server (latter using wireless network).  result: The security certificate on the server is invalid. contact yuor adminsitrator etc etc.

I created my own certificate on the server (don't remember the process now) and I think all that is required is to export it from the server, and import it onto the phone....... but cannot for the life of me find out how to do it.  I came across a tool but this seems to be for previous versions.  Someone able to simplify this minefield for me please?
0
Megaben
Asked:
Megaben
  • 5
  • 3
  • 2
  • +1
4 Solutions
 
suppsawsCommented:
Hi Megaben,

The certificate is created through the ICW (internet connection wizard) on the server management tool.
You can find the certificate under \ClientApps\SBScert on your server
Copy that cert to you phone, and doubleclick it.
Make sure you are using your FQDN or external IP on the ICW wizard (you can always rerun it is necessary)
If you phone still doesn't accept the cert, please let me know, I have another method for it to work.

Cheers!
0
 
MegabenAuthor Commented:
Thanks suppsawa, found original certificate and copied it to the phone 1st, didn't work.  created a new one with the external address and same problem.

I'm not sure if the certificate needs to be copied to anywhere in particular, I put it in the windows\activesync folder, however the ror in both cases was "cannot access certificate"
0
 
SaineolaiCommented:
Which version of Windows Mobile are you using 2003, 2003 second edition, 2005 etc?  
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
SaineolaiCommented:
sorry just reread the title!  
0
 
SaineolaiCommented:
Have a read of this Microsoft Blog it exlains your options on WM 5.

http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
It's really not a minefield... if you've deployed ActiveSync through your SBS then you should have a "Configure Mobile Device" link under Start > All Programs > Small Business Server Tools.  Connect your device to your PC and then run this configuration tool, which should automatically install the proper certificate.

Details about this are here:  http://www.microsoft.com/technet/itsolutions/smbiz/sitmob/sitmob_6.mspx

HOWEVER... your mobile provider/device may not recognize self signed certificates... as an example:
http://msmvps.com/blogs/bradley/archive/2006/05/01/93136.aspx

In that case you can either get a 3rd party certificate, or if you aren't concerned with the security issue, you can disable the certificate check:
http://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en

Jeff
TechSoEasy


0
 
SaineolaiCommented:

As far as I know the disable cert check tool will not work on Windows Mobile 2005.  Have you had a different experience of this tool TechSoEasy?
0
 
MegabenAuthor Commented:
TechSoEasy - I'm sure disable cert check wont work on WM5, more interesting was your "Configure MobileDevice" link - but I can't see that anywhere on the server - you seem to suggest Deploy Active Sync thru SBS...what does this mean?  I don't recall doing anything on the server relating to activesync - the user properties etc under active directory/exhange features are set to enabled for all mobile access options...is there a step I've missed here?
0
 
SaineolaiCommented:
The configure mobile device link should be on the client if you have assigned ActiveSync when adding users and pcs to the network through the add users and computers wizard.

0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
0
 
MegabenAuthor Commented:
Well I got it to work, with a combination of suggestions from above and info gleaned from the various articles in the links.  Bottom line was to use the Windows XP PC I.E. to export the certificate, and then copy that to the PDA - double-clicking then installed the certificate happily (as opposed to the one created on the server, whcih it would not accept)

Thanks all,

Ben
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 5
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now