Monday, January 16, 2006
Windows Mobile 5.0 and Self-Signed Certificates
Happy New Year. I know, I know, the posting isn't as frequent these days, but when you're heads down on things that you can't speak about, it's a little hard to find other time to investigate cool stuff. And yes, for those of you interested, I'm still working on the steps for hosting multiple websites via ISA; I think that's my only outstanding request.
Anyways, now that Windows Mobile 5.0 is available, I'm allowed to discuss this particular topic. It's becoming known that the self-signed certificate that is created as part of running the CEICW (Configure E-Mail and Internet Connection Wizard) doesn't install on devices running the latest version of Windows Mobile. Well, the good news is, that's because we've made the device much more secure. As a result, your device is much more robust to threats from the outside world. However, it does unfortunately cause a slight headache for our SBS customers.
If you have an i-mate (typically the Audiovox SMT5600), you might not be completely out of luck: over at Club I-Mate, once you register your device (which, yes, requires making an account), there is a device that can install such certificates on your device. Depending on how locked down your provider makes your phone, this could be an option.
The quickest, most efficient way to get Over the Air Synch against the Exchange server to happen is to install a trusted certificate. But be careful! Not all certificates are created equal. Windows and, by the transitive property, Internet Explorer trust far more root certificates than Windows Mobile based devices do. When you're purchasing your certificate, if you plan to use a Windows Mobile based device against your SBS server, make sure the certificate chains up to one of the core root certificates: VeriSign, Cybertrust, Thawte, Entrust, GlobalSign and Equifax. Without this, to the mobile device, it just looks like a self-signed certificate...
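One way to sanity-check a certificate before relying on it for over-the-air sync, as an added example (not code from the original post): it parses the `Certificate chain` section printed by `openssl s_client -showcerts` and reports whether the topmost issuer names one of the six roots listed above. The sample output, host name and result labels are constructed for illustration, and the name match is only a heuristic; the device's own root store is what actually decides trust.

```python
import re

# Root CA names the post lists for Windows Mobile based devices.
WM5_ROOTS = ("VeriSign", "Cybertrust", "Thawte", "Entrust", "GlobalSign", "Equifax")
# Matches the " 0 s:<subject>" and "   i:<issuer>" lines of the chain section.
_LINE = re.compile(r"^\s*(?:(\d+)\s+)?([si]):\s*(.+?)\s*$")

# Constructed sample output (not captured from a real server).
SELF_SIGNED = """Certificate chain
 0 s:CN = mail.example.test
   i:CN = mail.example.test
"""
PURCHASED = """Certificate chain
 0 s:CN = mail.example.test
   i:O = Example Issuing CA, CN = Example Issuing CA
 1 s:O = Example Issuing CA, CN = Example Issuing CA
   i:O = Thawte (constructed sample), CN = Sample Root
"""

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        m = _LINE.match(line)
        if m and m.group(2) == "s" and m.group(1) is not None:
            subject = m.group(3)
        elif m and m.group(2) == "i" and subject is not None:
            chain.append((subject, m.group(3)))
            subject = None
    return chain

def check_chain(text):
    """Classify a chain by how it relates to the roots named in the post."""
    chain = parse_chain(text)
    if not chain:
        return "no-chain"
    # Each certificate must be issued by the next one the server sent.
    for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
        if issuer != next_subject:
            return "broken-chain"
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        return "self-signed"
    # Name match only: a pre-purchase hint, not cryptographic validation.
    top_issuer = chain[-1][1].lower()
    if any(root.lower() in top_issuer for root in WM5_ROOTS):
        return "chains-to-listed-root"
    return "unlisted-root"

if __name__ == "__main__":
    print(check_chain(SELF_SIGNED), check_chain(PURCHASED))
```

A result of `unlisted-root` for a certificate that validates fine in Internet Explorer is the situation the post warns about: the desktop trusts the issuer, the device does not.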