Announcement

Collapse
No announcement yet.

Exchange 2007 Active Sync CA

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2007 Active Sync CA

    Does exchange 2007 no longer accept self signed certificates for activesync? The only way I can get my Treo to connect to my Exchange 2007 server is if I select ignore certificates. It is not accepting the certificate that I put on it from my CA server. Thanks.

  • #2
    Re: Exchange 2007 ActivSync CA

    The phones have never accepted self signed certificates. You have to import them in to the device manually or using a cab file. However I don't use self signed certificates at all. When you can get SSL certificates that are trusted by most Windows Mobile devices for US$20 a year there isn't much point.

    Simon
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Exchange 2007 ActivSync CA

      I created self signed cert and imported it to WM05 or WM06 mobile phone, everything works just fine...

      Comment


      • #4
        Re: Exchange 2007 ActivSync CA

        Where can I get one for $20 a year? I thought it was more like $20 a month!

        Comment


        • #5
          Re: Exchange 2007 ActivSync CA

          Looking at Verisign? Their certificates are overpriced and under specified.
          GoDaddy do SSL certificates for US$20 a year, or US$60 for a UC/SAN certificate which is what you should use with Exchange 2007.
          http://www.certificatesforexchange.com/

          RapidSSL do single certificates for US$60 a year, although I have seen resellers selling them for almost half that.

          Simon.
          --
          Simon Butler
          Exchange MVP

          Blog: http://blog.sembee.co.uk/
          More Exchange Content: http://exchange.sembee.info/
          Exchange Resources List: http://exbpa.com/
          In the UK? Hire me: http://www.sembee.co.uk/

          Sembee is a registered trademark, used here with permission.

          Comment


          • #6
            Re: Exchange 2007 ActivSync CA

            I got purchased the UCC ( Unified Communication Certificate) from GoDaddy for $59.99 ( for 1 year subs.) and really happy with it, as well as our users. No more warnings for them when using OWA, and I don't have to load cert manually to every WM phone anymore.
            Regards,
            John

            Comment


            • #7
              Re: Exchange 2007 ActivSync CA

              OH it works across multiple phones also? I always though I'd have to get one for each phone. I can't believe I never just bought one of these before.......

              Comment


              • #8
                Re: Exchange 2007 ActivSync CA

                SSL certificates are per certificate, not per device.
                You install it on the server.

                It is just the same as connecting to your bank - they didn't provide you with a certificate.

                Simon.
                --
                Simon Butler
                Exchange MVP

                Blog: http://blog.sembee.co.uk/
                More Exchange Content: http://exchange.sembee.info/
                Exchange Resources List: http://exbpa.com/
                In the UK? Hire me: http://www.sembee.co.uk/

                Sembee is a registered trademark, used here with permission.

                Comment


                • #9
                  Re: Exchange 2007 ActivSync CA

                  One more question to get all the certificate questions out of my system.... SSL certificates and client certificates are not the same thing? I know the SSL certificate is there so that there can be an encrypted connection between the mobile device and the exchange server, but what about the client certificates that allow the device to logon without a password. Is that a certificate that a separate certificate issued internally? Any advantages to using this over a password? Thanks for all the help!

                  Comment


                  • #10
                    Re: Exchange 2007 ActivSync CA

                    They use the same technology, but they are different.
                    Both are SSL certificates.

                    One verifies that the server is who it says it is, the other verifies the visitor is who they say they are and is used for authentication.

                    I don't deploy client certificates and wouldn't recommend them. They are a pain to manage and not supported by much of the Exchange functionality. Windows Mobile devices I don't think support client certificates for access to Exchange.

                    Simon.
                    --
                    Simon Butler
                    Exchange MVP

                    Blog: http://blog.sembee.co.uk/
                    More Exchange Content: http://exchange.sembee.info/
                    Exchange Resources List: http://exbpa.com/
                    In the UK? Hire me: http://www.sembee.co.uk/

                    Sembee is a registered trademark, used here with permission.

                    Comment


                    • #11
                      Re: Exchange 2007 Active Sync CA

                      Thanks. I think WM6 supports client certificates, but I was just wondering if there were any advantages to using one. Since it sounds like there aren't really any benefits I will just stick with my current setup

                      Comment


                      • #12
                        Re: Exchange 2007 Active Sync CA

                        Client certificates are nothing but a pain. I do not recommend their use to anyone.

                        Simon.
                        --
                        Simon Butler
                        Exchange MVP

                        Blog: http://blog.sembee.co.uk/
                        More Exchange Content: http://exchange.sembee.info/
                        Exchange Resources List: http://exbpa.com/
                        In the UK? Hire me: http://www.sembee.co.uk/

                        Sembee is a registered trademark, used here with permission.

                        Comment

                        Working...
                        X