Installed DER Cert. for SSL but still doesn't work? (solution)

I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of folks,
I've been struggling to get this device to talk to my Exchange Server. My
IIS has a valid third party certificate, and I had followed the steps Chris
De Herrera had laid out on his website (www.pocketpcfaq.com) for exporting a
DER certificate that the device could read. The phone would take the
certificate, but it still wouldn't let me get to OMA w/o bitching about the
certificate.

Verizon was more than helpful ("you can't do that", "that doesn't work on
our phones", "our phones don't deal with that 'stuff'") after which they
directed me to Microsoft, who had already verified that my cert. was
installed correctly on IIS.

After some late-nite reading of Chris's site, and jumping here and there, I
found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html) that
will import the key you can backup from IIS. After running this on the
phone and importing the cert., everything worked.

So, after several days of battling this, I'm done! Many thanks to Chris and
his great site. If you have a WM5 phone, and are having trouble getting a
cert. installed so that OMA will work, go check out that link.

Dave Smith wrote:

> I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of folks,
> I've been struggling to get this device to talk to my Exchange Server. My
> IIS has a valid third party certificate, and I had followed the steps Chris
> De Herrera had laid out on his website (www.pocketpcfaq.com) for exporting a
> DER certificate that the device could read. The phone would take the
> certificate, but it still wouldn't let me get to OMA w/o bitching about the
> certificate.
>
> After some late-nite reading of Chris's site, and jumping here and there, I
> found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html) that
> will import the key you can backup from IIS. After running this on the
> phone and importing the cert., everything worked.

What I think may have happened is that your third-party CA uses intermediate
certificates. Windows Mobile does not retrieve intermediate certificates from
the server if the server is not configured to send them or does not have them
in its certificate store.

The P12imprt utility (glad you liked it, BTW) can install intermediate
certificates if they are included in the PKCS#12 file. P12imprt is mainly
intended to install a personal certificate with a private key but I don't
get the impression that you want to install a personal certificate for
authenticating to the Exchange server. An alternative method is to create
a .CAB file with the intermediate certificate(s):

http://blogs.msdn.com/windowsmobile/...cates_201.aspx

Jacco
--
Jacco de Leeuw private.php?do=newpm&u=
Zaandam, The Netherlands http://www.jacco2.dds.nl
Please note: my real e-mail address is not shown, due to spam.
(Hint: I'm *not* in the military but in the Netherlands...)

I would have used a private certificate, but the early reading I did
indicated I needed to use a third-party cert. Now I know better, lol. I've
got your website stashed in my favorites so after this cert. expires in a
year, I can find it if I switch over to a self-generated cert.

Thanks for the utility!

"Jacco de Leeuw" <> wrote in message
news:eA%...
>
> Dave Smith wrote:
>
>> I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of
>> folks, I've been struggling to get this device to talk to my Exchange
>> Server. My IIS has a valid third party certificate, and I had followed
>> the steps Chris De Herrera had laid out on his website
>> (www.pocketpcfaq.com) for exporting a DER certificate that the device
>> could read. The phone would take the certificate, but it still wouldn't
>> let me get to OMA w/o bitching about the certificate.
>>
>> After some late-nite reading of Chris's site, and jumping here and there,
>> I found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html)
>> that will import the key you can backup from IIS. After running this on
>> the phone and importing the cert., everything worked.
>
> What I think may have happened is that your third-party CA uses
> intermediate
> certificates. Windows Mobile does not retrieve intermediate certificates
> from
> the server if the server is not configured to send them or does not have
> them
> in its certificate store.
>
> The P12imprt utility (glad you liked it, BTW) can install intermediate
> certificates if they are included in the PKCS#12 file. P12imprt is mainly
> intended to install a personal certificate with a private key but I don't
> get the impression that you want to install a personal certificate for
> authenticating to the Exchange server. An alternative method is to create
> a .CAB file with the intermediate certificate(s):
>
> http://blogs.msdn.com/windowsmobile/...cates_201.aspx
>
> Jacco
> --
> Jacco de Leeuw private.php?do=newpm&u=
> Zaandam, The Netherlands http://www.jacco2.dds.nl
> Please note: my real e-mail address is not shown, due to spam.
> (Hint: I'm *not* in the military but in the Netherlands...)