[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Certificate for mobile phones

Posted on 2011-05-10
25
Medium Priority
?
536 Views
Last Modified: 2012-05-11
Where do I find and how do I transfer certificates for mobile phones?

Server 2003 SBS domain with exchange
0
Comment
Question by:rpmccly
  • 9
  • 7
  • 5
  • +1
24 Comments
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 35729218
Hello,

Are you using self-sign certificate or genuine certificate?  You can get answer if you open outlook web access through HTTPS.

e.g. https://servername/owa

Once you open OWA, your browser pop up certificate warning if you are using self sign certificate.

Basically, you need to transfer domain name certificate and CA root certificate in case of self-sign certificate.

On the CA server, Start -> Run -> MMC -> Files - Add/remove Snap-ins -> Select Certificate Authority -> Local Computer -> right click on the server name -> Properties -> View certificate -> Details ->
Copy to file -> next -> next -> finish

Now you have CA-root certificate file. You have to export SSL certificate file as well.

Issued Certificate -> find your certificate -> double click on certificate and follow rest steps identical to above from copy to file steps.

Above post seems lengthy. Hope you understand.

Regards
Sanjay Santoki
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35729313
Yes we can use OWA but its not server/owa - I assume that doesnt matter, we go to remote.server.com, login and then go to owa via remote web workplace.

When I try to use OWA it doesnt ask for a cert, is the self-sign unique for each connection then? I think we only have one, not sure that helps.

Will those steps assign a new certificate or can we use the current one, I don't want all the other phones to stop working if it assigns a new one. How do we get it on the phone?
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35730140
we have nothing in the mmc. I know I have seen certificate stuff somewhere before, where do I find your:

"Issued Certificate -> find your certificate -> double click on certificate and follow rest steps identical to above from copy to file steps."

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:rpmccly
ID: 35730167
If I say start menu > admin tools > certificate authority > it says:

 "The specified service does not exist as an isntalled service. 0x424 (WIN32: 1060)"
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 35736035
Hello,

At this stage it seems, you don't have certificate bind with outlook web access. However, you can further be sure by the following below steps.

Open IIS manager -> Right Click on 'Default Web Site' -> Security -> Take a screen shot and share it with me

Regards,
Sanjay Santoki
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35737150
We have one, it says there is a private one associated with it.

 Cert Screenshot
0
 
LVL 11

Expert Comment

by:Sanjay Santoki
ID: 35744771
Hello,

I see you have erase name of issued by and issued to which required to assist you further.

If I say, you have to perform export certificate steps on the server which found in issued by

Also, can you please share status of certificate authority service?

Regards,
Sanjay Santoki
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35745895
Where do you export the certificate and can you export it directly to a phone somehow? The issued to and issued by is obviously our server but I dont see why you'd need it. Just call it server.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35747888
To install the certificate, you need to export it first via IIS Manager on the server.

Open up IIS Manager, expand Web Sites, then right-click on your Default Web Site and choose properties, then click on the Directory Security Tab, then the View Certificate button, then on the Details Tab of the Certificate Windows.

On the Details Tab, click on Copy To File, click Next, Next, Next, Choose the name and location for the certificate file (Desktop should be easy to find and certificate.cer for the name) then click Next and then Finish.

Copy the certificate.cer file to the computer on a USB stick and then do the following:

Open up Internet Explorer, Click on Tools, Internet Options, Content Tab, Certificate Button, Trusted Root Certification Authorities Tab.  Click Import, Next, Browse to the certificate.cer file on the USB stick and click next, Select 'Place all certificates in the following store' and click Browse, check the Show Physical Stores Box and then select Trusted Root Certification Authorities Folder (Expand it) and then choose Registry and click OK.  Click Next and then Finish.  Click OK on the next prompt.
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35748515
Great thanks Alan, but does that transfer to the phone? Can you import it the same way to use with RDP too?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35748703
You can copy the file to the phone and install it from there - but it might depend on the phone.  What sort do you have?

Yes for RDP too.
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35749110
The one in question is an iphone but there are all kinds of phones that would use it. Android/blackberry/palm...you name it. How do you transfer it to them without a usb cord?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35749492
Great - with an iPhone you don't have to install the certificate - you just click Accept and off you go.

Can't talk about Android's / Blackberries - don't use them and never going to!!

Windows Mobile phones need them installed and you need to do that via a USB cable.
0
 
LVL 5

Accepted Solution

by:
Robert_Turner earned 2000 total points
ID: 35752924
Open Windows Explorer and navigate to \\WindowsSBSServerName\ClientApps\SBScert
Connect the Windows Mobile device to the computer
Copy the cert to the memory of the MobileDevice
Remove the mobile device from USB.
Using file explorer on the mobile device, browse to the SBSCert, open the context menu and select install.
0
 
LVL 1

Author Closing Comment

by:rpmccly
ID: 35769705
THANK YOU! I knew it would be easy, just needed the right expert!
0
 
LVL 1

Author Comment

by:rpmccly
ID: 35769772
ok that works on the windows phones but I think Android/iPhone do it automatically. I haven't tried a blackberry but I know the older models had to do it this way. You can use SSL without having to do this with Android/iPhone but Andoid won't "verify" the cert but will still use a secure connection while iPhone doesn't have the verify feature, only the SSL option.
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 35771348
Yes that is only for windows phones, it's a bit of a pain.

Exchange 2003 does not use SSL by default, disable it in the Iphone Exchange account.  Then verify it.

I haven't set up an android in a while but If I remember correctly you have to manually tell the phone to trust the certificate, you should be able to view the certificate upon the warning.

I've personally started to use Third Party certificates over the self issued, it's less hassle, especialy more so in newer versions of SBS.

Thanks for the accepted answer.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35771630
"Exchange 2003 does not use SSL by default" - for what exactly?   Please expand on this comment.
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 35771831
Apologies, I should be more specific.  I was reffering to SBS03 and ActiveSync connections specifically.  SSL is core to the operation of the later versions of Exchange.  

SSL's and IIS isn't one of my strong points but my understading is with Exchange 2003 and SBS03 ActiveSync connections run through port 80 without SSL enforced by default.  If you don't open up port 80 and don't disable SSL on an Iphone for example it will not function.

0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35771981
Nope - not correct.  SSL is enabled by default for SBS03 and Exchange 2003 - you have to disable it to use port 80 - which is not in the least bit recommended.
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 35772119
For which service, ActiveSync, OWA, POP, IMAP etc?  Because these are all individual matters.

I'm concerned specifically with activesync as is this topic.  Why then, with default exchange settings, do I have to disable SSL on an Iphone to get an ActiveSync connection to work?  Is it is a case that is simply doesn't enforce it if I choose to disable it on the Iphone?  If I am missing something I would like to know.  Not that I'm installing asmany SBS03 as I used to.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35772169
SBS uses SSL by default on the Exchange virtual Directory (the only directory with this enabled that Activesync uses).  Exchange 2003 has SSL enabled on the Microsoft-Server-Activesync virtual directory only, unless Forms Based Authentication is enabled, in which case the Exchange Virtual Directory has SSL enabled also and you need to create the Exchange-OMA virtual Directory to handle the internal calls from the Microsoft-Server-Activesync virtual directory.

Have a read of my article for info:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 35773412
Interesting article.  You learn something new every day.  Cheers.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35773458
You are welcome.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
Stellar Exchange Toolkit: this 5 in 1 toolkit comes loaded with mega-software tool. Here’s an introduction to tools’ usage and advantages:
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question