The Windows Mobile operating system has support for the most common root certificates. However if you are using one the less common certificates (for example RapidSSL) or you are creating your own, then you will be unable to use Exchange ActiveSync. With Exchange 2003, Outlook Mobile Access (OMA) will present a certificate prompt.
To avoid these errors you need to install the certificate on to your device, or install the root certificate on to the device.
Using the Right Certificate
The choice of the certificate that you are importing to the handheld is important.
If you are generating your own certificates, then that is what you need to import.
If you are putting in a third party certificate that is currently not supported by the handheld, then you need to use the third party's root certificate.
Signed Applications
Either of these processes may not work if your device will only run signed applications. If that is the case then you should look for a mechanism that will remove that requirement, or see if the supplier has provided a signed version of the tool.
Importing the Certificates
There are two methods of importing the certificates
- Exporting the certificate to file in to a correct format, copying this across to your device and then importing it. Instructions.
- Having the certificate as part of a cabinet file. This is useful if you want to deploy the certificate as part of a wider configuration file or want the file to be downloadable from a web site, using the Windows Mobile device. Instructions.
Questions
Q: Why should I use the root certificate instead of the individual certificate that I am using with my web site?
A: Your own certificate will only be valid for a set period. When that certificate expires you will have to go through the process of replacing the certificate. A root certificate is valid for much longer - probably longer than the device will be valid.
Furthermore, if you are using multiple certificates or your users could access multiple web sites that support that certificate, then the root is already there ready to be supported.
Q: Can I use a wildcard certificate?
A: Wildcard certificates are not supported by Windows Mobile 5.0 and older versions of Windows Mobile. Therefore their use should be avoided where possible. More information: http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx
Q: What about Exchange 2007?
A: If you want to use a Windows Mobile device with Exchange 2007 then you should be using a SAN (Subject Alternative Name) certificate, also referred to as a UC (Unified Communications) certificate. These are treated in the same way as other certificates, and will need to be supported by Windows Mobile.
Q: Are there any cheap certificates that are supported by Windows Mobile without having to go through this hassle?
A: Yes. You can get SSL certificates from Go Daddy or one of their resellers such as Certificates for Exchange. These are trusted by most Windows Mobile devices natively, from version 5.0 with the MSFP pack onwards. If you are using Exchange 2007, then their SAN/UC certificates are also trusted and will work on most devices without additional changes being required.
Mobile Home Page - Site Home Page
Last Page Update: 19/02/2011
| More Content from Sembee Ltd. | ||
| Resources on exchange.sembee.info | Other Sites | Sembee Ltd. |
| Microsoft Exchange 2003 | Command Prompt Getting Started Guide | Microsoft Exchange Consultancy |
| Microsoft Exchange 2007 | Login Scripts | Director's Blog |
| Microsoft Exchange 2010 | MS Exchange Resources | |
| Microsoft Outlook | Knowledge Base search | |
| Exchange Networking Tasks | Recovery of MS Office content from Temp Files | |
| Amazon Store | Troubleshoot the Automatic Updates Client | |
| UK ISP Status Pages | ||
| © Sembee Ltd. 1998 - 2011. | ||
| Reproduction of any content on this web site is prohibited without express written consent. Use of this web site is subject to our terms and conditions. All trademarks and registered trademarks are property of their respective owners. This site is not endorsed or recommended by any company or organisation mentioned within and is to provide guidance only and as such we cannot be held responsible for any consequences of following the advice given.
Sembee Ltd. is registered in England and Wales at 33 Scrivens Mead, Thatcham, Berkshire, RG19 4FQ. | ||