Installed DER Cert. for SSL but still doesn't work? (solution)

Discussion in 'ActiveSync' started by Dave Smith, Jan 24, 2007.

  1. Dave Smith

    Dave Smith Guest

    I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of folks,
    I've been struggling to get this device to talk to my Exchange Server. My
    IIS has a valid third party certificate, and I had followed the steps Chris
    De Herrera had laid out on his website (www.pocketpcfaq.com) for exporting a
    DER certificate that the device could read. The phone would take the
    certificate, but it still wouldn't let me get to OMA w/o bitching about the
    certificate.

    Verizon was more than helpful ("you can't do that", "that doesn't work on
    our phones", "our phones don't deal with that 'stuff'") after which they
    directed me to Microsoft, who had already verified that my cert. was
    installed correctly on IIS.

    After some late-nite reading of Chris's site, and jumping here and there, I
    found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html) that
    will import the key you can backup from IIS. After running this on the
    phone and importing the cert., everything worked.

    So, after several days of battling this, I'm done! Many thanks to Chris and
    his great site. If you have a WM5 phone, and are having trouble getting a
    cert. installed so that OMA will work, go check out that link.
     
    Dave Smith, Jan 24, 2007
    #1
    1. Advertisements

  2. What I think may have happened is that your third-party CA uses intermediate
    certificates. Windows Mobile does not retrieve intermediate certificates from
    the server if the server is not configured to send them or does not have them
    in its certificate store.

    The P12imprt utility (glad you liked it, BTW) can install intermediate
    certificates if they are included in the PKCS#12 file. P12imprt is mainly
    intended to install a personal certificate with a private key but I don't
    get the impression that you want to install a personal certificate for
    authenticating to the Exchange server. An alternative method is to create
    a .CAB file with the intermediate certificate(s):

    http://blogs.msdn.com/windowsmobile/archive/2006/02/27/ssl_certificates_201.aspx

    Jacco
     
    Jacco de Leeuw, Jan 25, 2007
    #2
    1. Advertisements

  3. Dave Smith

    Dave Smith Guest

    I would have used a private certificate, but the early reading I did
    indicated I needed to use a third-party cert. Now I know better, lol. I've
    got your website stashed in my favorites so after this cert. expires in a
    year, I can find it if I switch over to a self-generated cert.

    Thanks for the utility!
     
    Dave Smith, Jan 25, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.