Certificate for mobile phones

Where do I find and how do I transfer certificates for mobile phones?

Server 2003 SBS domain with Exchange
rpmccly Asked:
 
Robert_Turner Commented:
Open Windows Explorer and navigate to \\WindowsSBSServerName\ClientApps\SBScert
Connect the Windows Mobile device to the computer
Copy the cert to the memory of the mobile device
Remove the mobile device from USB.
Using file explorer on the mobile device, browse to the SBSCert, open the context menu and select install.
0
 
Sanjay Santoki Commented:
Hello,

Are you using a self-signed certificate or a genuine certificate? You can get the answer if you open Outlook Web Access through HTTPS.

e.g. https://servername/owa

Once you open OWA, your browser pops up a certificate warning if you are using a self-signed certificate.

Basically, you need to transfer the domain name certificate and the CA root certificate in the case of a self-signed certificate.

On the CA server, Start -> Run -> MMC -> Files - Add/remove Snap-ins -> Select Certificate Authority -> Local Computer -> right click on the server name -> Properties -> View certificate -> Details ->
Copy to file -> next -> next -> finish

Now you have CA-root certificate file. You have to export SSL certificate file as well.

Issued Certificate -> find your certificate -> double click on certificate and follow rest steps identical to above from copy to file steps.

Above post seems lengthy. Hope you understand.

Regards
Sanjay Santoki
0
 
rpmccly (Author) Commented:
Yes we can use OWA but it's not server/owa - I assume that doesn't matter, we go to remote.server.com, log in and then go to OWA via Remote Web Workplace.

When I try to use OWA it doesn't ask for a cert, is the self-sign unique for each connection then? I think we only have one, not sure that helps.

Will those steps assign a new certificate or can we use the current one? I don't want all the other phones to stop working if it assigns a new one. How do we get it on the phone?
0
 
rpmccly (Author) Commented:
We have nothing in the MMC. I know I have seen certificate stuff somewhere before, where do I find your:

"Issued Certificate -> find your certificate -> double click on certificate and follow rest steps identical to above from copy to file steps."

0
 
rpmccly (Author) Commented:
If I say start menu > admin tools > certificate authority > it says:

 "The specified service does not exist as an installed service. 0x424 (WIN32: 1060)"
0
 
Sanjay Santoki Commented:
Hello,

At this stage it seems you don't have a certificate bound to Outlook Web Access. However, you can make sure with the following steps.

Open IIS manager -> Right Click on 'Default Web Site' -> Security -> Take a screen shot and share it with me

Regards,
Sanjay Santoki
0
 
rpmccly (Author) Commented:
We have one, it says there is a private one associated with it.

[Image: Cert Screenshot]
0
 
Sanjay Santoki Commented:
Hello,

I see you have erased the names in Issued By and Issued To, which are required to assist you further.

If I say, you have to perform the export certificate steps on the server which is found in Issued By.

Also, can you please share the status of the Certificate Authority service?

Regards,
Sanjay Santoki
0
 
rpmccly (Author) Commented:
Where do you export the certificate and can you export it directly to a phone somehow? The issued to and issued by is obviously our server but I don't see why you'd need it. Just call it server.
0
 
Alan Hardisty (Co-Owner) Commented:
To install the certificate, you need to export it first via IIS Manager on the server.

Open up IIS Manager, expand Web Sites, then right-click on your Default Web Site and choose Properties, then click on the Directory Security tab, then the View Certificate button, then on the Details tab of the Certificate window.

On the Details Tab, click on Copy To File, click Next, Next, Next, Choose the name and location for the certificate file (Desktop should be easy to find and certificate.cer for the name) then click Next and then Finish.

Copy the certificate.cer file to the computer on a USB stick and then do the following:

Open up Internet Explorer, Click on Tools, Internet Options, Content Tab, Certificate Button, Trusted Root Certification Authorities Tab.  Click Import, Next, Browse to the certificate.cer file on the USB stick and click next, Select 'Place all certificates in the following store' and click Browse, check the Show Physical Stores Box and then select Trusted Root Certification Authorities Folder (Expand it) and then choose Registry and click OK.  Click Next and then Finish.  Click OK on the next prompt.
0
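Added example, not part of the thread: a Python check for the `certificate.cer` file exported in the steps above, showing whether Issued By equals Issued To (self-issued, so the file itself is what devices must trust) or differs (the issuing CA's root certificate is needed as well, as Sanjay notes). It accepts both DER and Base64 exports and compares names only, without verifying the signature; `toy_cert` and the sample names are constructed for the demo.

```python
import ssl

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def issuer_and_subject(cer_bytes):
    """Accept a DER or Base64 (PEM) .cer export; return the raw issuer and subject Names."""
    if cer_bytes.lstrip().startswith(b"-----BEGIN"):
        cer_bytes = ssl.PEM_cert_to_DER_cert(cer_bytes.decode("ascii").strip())
    _, cert, _ = read_tlv(cer_bytes)   # Certificate SEQUENCE
    _, tbs, _ = read_tlv(cert)         # tbsCertificate SEQUENCE
    fields, pos = [], 0
    while pos < len(tbs):
        tag, value, pos = read_tlv(tbs, pos)
        if tag != 0xA0:                # skip the optional [0] version wrapper
            fields.append(value)
    # Field order is now: serial, signature algorithm, issuer, validity, subject, ...
    return fields[2], fields[4]

def is_self_issued(cer_bytes):
    """True when Issued By and Issued To are byte-for-byte the same Name."""
    issuer, subject = issuer_and_subject(cer_bytes)
    return issuer == subject

def tlv(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body  # short-form length, enough for the toy sample

def toy_cert(issuer_cn, subject_cn):
    """Constructed sample: certificate-shaped DER, not a real signed certificate."""
    def name(cn):  # Name with a single commonName (OID 2.5.4.3) attribute
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"),
                                       tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), tlv(0x30),
              name(issuer_cn), tlv(0x30), name(subject_cn))
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))

# Constructed inputs: one self-issued, one issued by a separate (hypothetical) CA.
SELF_SIGNED = toy_cert("server", "server")
CA_ISSUED = toy_cert("Example Internal CA", "remote.server.com")
SELF_SIGNED_PEM = ssl.DER_cert_to_PEM_cert(SELF_SIGNED).encode("ascii")

if __name__ == "__main__":
    for label, data in [("self", SELF_SIGNED), ("ca", CA_ISSUED), ("pem", SELF_SIGNED_PEM)]:
        print(label, "self-issued" if is_self_issued(data) else "needs issuing CA root")
```

For a real export, pass the file contents: `is_self_issued(open("certificate.cer", "rb").read())`.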
 
rpmccly (Author) Commented:
Great thanks Alan, but does that transfer to the phone? Can you import it the same way to use with RDP too?
0
 
Alan Hardisty (Co-Owner) Commented:
You can copy the file to the phone and install it from there - but it might depend on the phone.  What sort do you have?

Yes for RDP too.
0
 
rpmccly (Author) Commented:
The one in question is an iPhone but there are all kinds of phones that would use it. Android/BlackBerry/Palm...you name it. How do you transfer it to them without a USB cord?
0
 
Alan Hardisty (Co-Owner) Commented:
Great - with an iPhone you don't have to install the certificate - you just click Accept and off you go.

Can't talk about Androids / BlackBerries - don't use them and never going to!!

Windows Mobile phones need them installed and you need to do that via a USB cable.
0
 
rpmccly (Author) Commented:
THANK YOU! I knew it would be easy, just needed the right expert!
0
 
rpmccly (Author) Commented:
OK, that works on the Windows phones but I think Android/iPhone do it automatically. I haven't tried a BlackBerry but I know the older models had to do it this way. You can use SSL without having to do this with Android/iPhone but Android won't "verify" the cert but will still use a secure connection while iPhone doesn't have the verify feature, only the SSL option.
0
 
Robert_Turner Commented:
Yes that is only for Windows phones, it's a bit of a pain.

Exchange 2003 does not use SSL by default; disable it in the iPhone Exchange account. Then verify it.

I haven't set up an Android in a while but if I remember correctly you have to manually tell the phone to trust the certificate; you should be able to view the certificate upon the warning.

I've personally started to use third-party certificates over the self-issued, it's less hassle, especially more so in newer versions of SBS.

Thanks for the accepted answer.
0
 
Alan Hardisty (Co-Owner) Commented:
"Exchange 2003 does not use SSL by default" - for what exactly?   Please expand on this comment.
0
 
Robert_Turner Commented:
Apologies, I should be more specific. I was referring to SBS03 and ActiveSync connections specifically. SSL is core to the operation of the later versions of Exchange.

SSL and IIS aren't one of my strong points, but my understanding is that with Exchange 2003 and SBS03, ActiveSync connections run through port 80 without SSL enforced by default. If you don't open up port 80 and don't disable SSL on an iPhone, for example, it will not function.

0
 
Alan Hardisty (Co-Owner) Commented:
Nope - not correct.  SSL is enabled by default for SBS03 and Exchange 2003 - you have to disable it to use port 80 - which is not in the least bit recommended.
0
 
Robert_Turner Commented:
For which service, ActiveSync, OWA, POP, IMAP etc? Because these are all individual matters.

I'm concerned specifically with ActiveSync, as is this topic. Why then, with default Exchange settings, do I have to disable SSL on an iPhone to get an ActiveSync connection to work? Is it a case that it simply doesn't enforce it if I choose to disable it on the iPhone? If I am missing something I would like to know. Not that I'm installing as many SBS03 as I used to.
0
 
Alan Hardisty (Co-Owner) Commented:
SBS uses SSL by default on the Exchange virtual Directory (the only directory with this enabled that Activesync uses).  Exchange 2003 has SSL enabled on the Microsoft-Server-Activesync virtual directory only, unless Forms Based Authentication is enabled, in which case the Exchange Virtual Directory has SSL enabled also and you need to create the Exchange-OMA virtual Directory to handle the internal calls from the Microsoft-Server-Activesync virtual directory.

Have a read of my article for info:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
Robert_Turner Commented:
Interesting article.  You learn something new every day.  Cheers.
0
 
Alan Hardisty (Co-Owner) Commented:
You are welcome.
0
Question has a verified solution.