Announcement

Collapse
No announcement yet.

Pocket PC and ActiveSync using SSL

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Pocket PC and ActiveSync using SSL

    I set up our Exchange 2003 server (Sp2) to use SSL on OWA with an internal certificate. I also have 2 pocket PCs that access this server. I set up the pocket PCs from the article-Problems Syncing a Pocket PC using SSL on Daniels website. I used method 3 and set up the ExchDAV directory and added the registry entry to point to it. OWA works fine using SSL. OMA can be accessed using either http or https (from a computer). The pocket pc will sync when SSL is uncheck. My question is how is this secure and if its not what do I need to do to correct it? If I want to go back to using the default directory instead of ExchDAV should I just delete the registry entry? I am thinking of using an external certificate instead of internal or download the file that disables using certificates. I understand that the data still is transmited using SSL when you disable it on the phone.

  • #2
    Re: Pocket PC and ActiveSync using SSL

    I have pretty much the same question. Over-the-air direct push ActiveSync from Exchange Server is working in my environment to Pocket PCs, using Method 3 of the famous doc. Separately I can access OMA via http and https.

    Is this ActiveSync method secured by SSL in some roundabout fashion, or is it truly sending potentially proprietary email data over my wireless provider's network via plain text? I understand that via WiFi I'm secured from my access point to my Pocket PC's client via enabled WEP, but across the wireless provider's GPRS EDGE...

    Please clarify if someone can, and direct towards any secure workarounds for the ActiveSync workarounds if possible.

    Thanks,

    - WJB
    Last edited by wjbarton; 4th March 2006, 00:17.

    Comment


    • #3
      Re: Pocket PC and ActiveSync using SSL

      I'm in the process of setting up the same configuration. I anticipate this will become more of a topic as time goes on.

      Comment


      • #4
        Re: Pocket PC and ActiveSync using SSL

        Look, whenever you're not using SSL for OWA/OMA/AS you're using plain text. Period.

        Plain text for usernames, passwords, and for the data itself.

        Is that a good thing? Is it worth not enabling SSL? I don't think it is.

        It's true that if you're using your PPC inside your corporate LAN and are using WIFI that is properly secured then you'll have a sense of security, but remember that the WIFI encryption is far less secure than you would expect, AND, besides that, it will only protect the data media (i.e. air), not the data itself. What I mean to say is that although WIFI might be configured to be encrypted, the moment it passes over the access point if will be plain text again.

        This is far more important when, for example, you're using some sort of public WIFI hot spot, and you really have no control on how the data is passed on from the access point to the ISP. Someone might be sitting with a packet analyzer just otside the access point and sniffing for passwords etc.

        So, my recommendation is to first use SSL, and bother with EXTRA encryption later.
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT

        Comment


        • #5
          Re: Pocket PC and ActiveSync using SSL

          Originally posted by wjbarton
          I have pretty much the same question. Over-the-air direct push ActiveSync from Exchange Server is working in my environment to Pocket PCs, using Method 3 of the famous doc. Separately I can access OMA via http and https.

          Is this ActiveSync method secured by SSL in some roundabout fashion, or is it truly sending potentially proprietary email data over my wireless provider's network via plain text? I understand that via WiFi I'm secured from my access point to my Pocket PC's client via enabled WEP, but across the wireless provider's GPRS EDGE...

          Please clarify if someone can, and direct towards any secure workarounds for the ActiveSync workarounds if possible.

          Thanks,

          - WJB
          I would very much like to see "the famous doc", where is it?? Iīm trying to get direct push too work, but Iīm missing something somewhere

          Regards from Denmark
          G Ladefoged

          Comment


          • #6
            Re: Pocket PC and ActiveSync using SSL

            Hello, I am Elizabeth from Brasil, and this is my first post. I would like to say Hello to the community. I hope I am not breaking any of Danielīs rules with my doubts.

            How can I temporarily disable Root Certificate checking on my Windows Mobile 2002/2003 Pocket PC

            I followed the procedures on How can I temporarily disable Root Certificate checking on my Windows Mobile 2002/2003 Pocket PC - article from Daniel's site, but it didnīt work.
            I have active sync 4.2 and Mobile 2003 Pocket PC.
            Our server is 2003 and we are using a CA
            I downloaded the "Disable Cert Check" tool, extracted the files and tried to execute the certchk.exe file. A prompt asked me with wich user I would like to run the application (mine or administrator). I choosed mine and I got an error "Application not correctly initialized. Click ok to end the execution"
            The command line opens. I tried using the prompt line (DOS) from my desktop and it seemed to work. I typed certchk off at the directory where the file certchk.exe was extracted to. But I canīt understand how this command would change the Pocket Pc device behaviour. And indeed it didnīt, I am still not connecting with the server with SSL because of the certification check ( I get HTTP_500 error).

            Can anyone help me?

            Comment

            Working...
            X