Certificates for SSL communication to Exchange 2007

Hi all,

I have certificates on my Nokia N95 8GB that I want on the Exchange 2007 server to allow SSL communication for ActiveSync. Is it possible to copy a cert from the handheld to the Exchange server, and if so how, or do I have to purchase one of the same from the providers?

Sorry, I have been posting a few questions on the matter and been quite vague in what I want, due to my lack of knowledge on the matter! So any help appreciated!
meteorelec Asked:

GibbsSupport Commented:
You can either issue a certificate yourself on your Exchange 2007 server, then copy the certificate to your handheld device.

Or you can purchase a certificate from any major provider and install it on your 2007 server for active sync.

Mobile devices have a pretty limited root certificate database; you will most likely have to export the root certificate of whatever you choose to do and import it to your mobile device.

Certificates are pretty complicated and you can't just take a random root certificate from your phone and throw it on your Exchange server. You have to have your Exchange server create a certificate request. That request is sent to your certificate vendor and your certificate is created with some very specific information pertaining only to your server.

That is what makes it secure: your server is the only one with that specific certificate. Root Certificates just tell your device that, YES VENDOR A IS A VALID CERTIFICATE COMPANY and THEY ISSUED THIS SERVER'S CERTIFICATE.

Does that make sense?
0
meteorelec (Author) Commented:
But I thought the cert you issue from Exchange does not work with ActiveSync?

So what really is the point of the certificates on the mobile device, if you still need to export and import your own?



0
GibbsSupport Commented:
You can use a self-issued certificate, but you have to export your cert to your mobile device so your device can recognize it as a valid cert. The only certificates on your mobile devices are the Root Certificates.

Certificates on your phone don't actually secure anything. They just validate the Issued Certificate on the server/domain your phone is trying to communicate with. So when your phone contacts your exchange server, your exchange server says "My Certificate was issued from Vendor ABC, this Certificate is for mail.mydomain.com and is valid through 2050."

Your phone then checks to see if Vendor ABC is listed in its root certificates. If it is, your phone will allow you to communicate with mail.mydomain.com. If it's not listed, the phone will not validate the server and you will not be able to connect.
0

meteorelec (Author) Commented:
Oh, starting to understand!

OK, I know this is a separate question, but do you know how to create the certificate on Exchange 2007?
0
GibbsSupport Commented:
Check this out:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

Be sure to read up fully on Exchange certs before you proceed. 2007 is very dependent on certificates and SSL.
0
meteorelec (Author) Commented:
Cheers GibbsSupport, I have gone in a bit head first; will take a good read and attempt.
0
meteorelec (Author) Commented:
GibbsSupport, it states the below in the link you gave:

Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.


So do I have to go 3rd party?
0
GibbsSupport Commented:
You can't use the self-signed one; that is the cert that Exchange creates when it's being installed. You can still issue a certificate via your domain's certificate authority or go 3rd party.

Check on this. I haven't used it in 2007 so I am not sure if they can work with it, but I have used them for 2003 and they are free.

http://www.startssl.com/

0
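
The request, issue and install flow described in this thread, as an added example that is not part of the original posts: Exchange 2007 Management Shell commands for a certificate issued by a Windows CA or a third party. The subject fields, the autodiscover name and the file paths are placeholder assumptions; mail.mydomain.com is the thread's own example name.

```powershell
# Added example; run in the Exchange Management Shell on the Exchange 2007 server.
# Subject fields, the autodiscover name and all file paths are placeholders.

# 1. Create the key pair and the certificate request on the server.
#    The private key never leaves the server; only the .req file goes to the CA.
New-ExchangeCertificate -GenerateRequest `
    -Path 'C:\certs\mail.mydomain.com.req' `
    -SubjectName 'c=US, o=Example Org, cn=mail.mydomain.com' `
    -DomainName 'mail.mydomain.com', 'autodiscover.mydomain.com' `
    -FriendlyName 'Exchange ActiveSync' `
    -KeySize 2048 `
    -PrivateKeyExportable $true

# 2. Submit the .req file to your domain's certificate authority or to a
#    commercial CA, and save the issued certificate as the .cer file below.

# 3. Import the issued certificate on the same server that created the
#    request (that is where the matching private key lives), then bind it
#    to IIS, which serves Exchange ActiveSync.
Import-ExchangeCertificate -Path 'C:\certs\mail.mydomain.com.cer' |
    Enable-ExchangeCertificate -Services IIS

# 4. Confirm what the server will now present to devices: the issuer should
#    be your CA, IsSelfSigned should be False, and Services should list IIS.
Get-ExchangeCertificate -DomainName 'mail.mydomain.com' |
    Format-List Thumbprint, Subject, Issuer, CertificateDomains, Services, NotAfter, IsSelfSigned

# 5. If the issuer is your own Windows CA, the phone will not know it.
#    On the CA server, export the CA's root certificate (public part only)
#    and install that file in the phone's certificate store.
certutil -ca.cert 'C:\certs\rootca.cer'
```

Only the root CA certificate from step 5 is copied to the handheld; the server certificate and its private key stay on the Exchange server.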