RE: Using wildcard certificates with Windows Mobile 5.0 (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Outlook Web Access



Message

donaldsmarshall -> RE: Using wildcard certificates with Windows Mobile 5.0 (31.Oct.2005 10:29:03 AM)

quote:

ORIGINAL: youngcm2

This shouldn't be that difficult. Why is outlook built to be able to handle this but pocket outlook not?


because Microsoft likes IT people pulling there hair out to make them unatractive to all the girls who like geeks???



npatang -> RE: Using wildcard certificates with Windows Mobile 5.0 (31.Oct.2005 4:17:50 PM)

I am not sure that thereg settings can work onit.
Now if only any developer creates the CERTCHK utility for us then something we can do. [:(]

[:@][&:]



vx31337 -> RE: Using wildcard certificates with Windows Mobile 5.0 (31.Oct.2005 8:55:07 PM)

probably not a solution, but i got some info today at work about this, at home right now and unfortunately i can access the info from the exchange server, wierd hehe.

ill try to post it when i have it available again.



donaldsmarshall -> RE: Using wildcard certificates with Windows Mobile 5.0 (2.Nov.2005 3:51:28 PM)

just an update for everyone I managed to get it working 100% for myself,

Imported my own certificate and rebuild of device and Mailbox finally allowed me to sync.

thanks for the ideas people!



BeTaCam -> RE: Using wildcard certificates with Windows Mobile 5.0 (2.Nov.2005 11:07:05 PM)

 
Hi

Looks like the ISA is breaking it and the EAS is working properly, Which version of ISA are you using , 2004 ?
Server Publish your Exchange and Create a Seperate Listener for the Wildcard Cert and test.

BC



vx31337 -> RE: Using wildcard certificates with Windows Mobile 5.0 (4.Nov.2005 7:57:12 PM)

hey donaldsmarshall would you be able to post a step by step overview of what exactly you did, I would like to try you method. thank you.



donaldsmarshall -> RE: Using wildcard certificates with Windows Mobile 5.0 (5.Nov.2005 2:43:38 AM)

ok heres the full instructions I am not great at writing these things so bear with me:

on the server goto start, run and type mmc, select add/remove snapin
and then click add.

select certificates, computer account, close and OK,

expand certificates, then Personnel, then certificates.

Now find the certificate you use on the website and right click and
select export from the all tasks menu.

Do Not export the private key, pick DER encoded binary x.509 (.cer) and
select a save location.


Now connect the pda to the cradle and click explore, when the window
appears cut and paste the certificate you exported to the PDA (I store
it on a SD Card).


Go back to the PDA and use file explorer, select the folder you stored
the certificate in and double click it, you get a warning message, say
yes or ok, and soft reset the PDA.


With the PDA in the cradle, Delete the Server Partnership (I had to Clean Reset the PDA dont know if its required though but it did work for me) add in the components that you want sync'd one at a time, and test each one incase something is cauisng an issue. I had also removed and readded my Mailbox, but I dont think that helped.

Hope this helps.



vx31337 -> RE: Using wildcard certificates with Windows Mobile 5.0 (5.Nov.2005 9:02:06 AM)

Hey thanks for the quick reply, I actually need to get this working on a HTC 6700 by sprint, I understand that you are using a diferent device although I dont think that would be too much of a issue since both use WM 5.0.

So you said this works 100% right ?



donaldsmarshall -> RE: Using wildcard certificates with Windows Mobile 5.0 (5.Nov.2005 9:09:46 AM)

Yeah we use HP IPAQ 2750's with the WM5 upgrade and this worked for our users, saying that I dont know if any other configs were required like virtual directories, SMTP Proxy for email checking and the other tweaks we have enabled, but hopefully this with SP2 should work for other people, let me know how you get on.

As for 100% it appears to be working :)

Tasks, Contacts, Calender and Email all arrive other than 2 attachments but I cant id what 2 and they dont bother me :)



donaldsmarshall -> RE: Using wildcard certificates with Windows Mobile 5.0 (11.Nov.2005 2:31:53 PM)

vx31337 did you have any luck getting it to work?



LPC -> RE: Using wildcard certificates with Windows Mobile 5.0 (11.Nov.2005 4:10:22 PM)

Doesn't work on my O2 XDA Exec (iMate JASJAR) ... same error everytime :(. Do MS even acknowledge this as a problem ?



mewi -> RE: Using wildcard certificates with Windows Mobile 5.0 (4.Jan.2006 10:13:29 PM)

 

thanks abdulzis!!!

This one HKCU\Software\Microsoft\Activesync\Partners\ID      Secure=0
works for me!!!!!!
 
Itīs the same result as the "disable certchk" for windows mobile 2003.
 
Thanks again!!!!
 
 
Mewi
 
 
 



JackBower -> RE: Using wildcard certificates with Windows Mobile 5.0 (2.Feb.2006 4:50:11 PM)

None of this works for me. WM50 on a Verizon XV6700.

Added registry key values of whatever they were supposed to be: Secure=0 and ID\Secure=0 none of that worked.
Imported (company wild card) certificate from server and successfully installed that. No dice.

Keep getting stupid 80072f17 error.
 
Thanks for the suggestions anyway. Any other ideas?



obiwein -> RE: Using wildcard certificates with Windows Mobile 5.0 (14.Feb.2006 4:27:22 PM)

I downloaded and used Resco to add the key secure=0. 

No longer getting the SSL cert error, but I continuously get prompted to retype my password.  I know for a fact that my password is correct and it works for accessing OWA and OMA just not ActiveSync.

Any ideas?  Thanks.



zipper -> RE: Using wildcard certificates with Windows Mobile 5.0 (14.Feb.2006 9:02:06 PM)

I'm having the same exact trouble.  I fixed the SSL cert error with the registry setting, but I get continually prompted for my password. I've double-checked the password...it's correct.  Any ideas?



kenisswell -> RE: Using wildcard certificates with Windows Mobile 5.0 (19.Apr.2006 9:04:02 PM)

I am having the same issue because of the wildcard cert.
*I have Treo 700w. We use a wildcard certificate on our ISA 2004 sp1 server which is in front of our Exchange 2003 Sp2 FE server (and E2K3 sp2 BE server).

I have tried a couple of things which did not solve the problem.
1) I installed the certificate on the Treo.
2) I modified the registry to disable the SSL checking on the Treo. When I did that then I was continually prompted for my password (like Obiwein and Zipper.)

3)As a test, I changed my ISA server to use a self-signed certificate (and then I installed that certificate on the Treo.) That then changed my error to 0x85010004. So I think it gets past the SSL issue but  I cant figure this new error out . Maybe this is related to the password prompt issue from 2. (Anyone know of the resolution for this error?)

I would rather not have to buy another certificate for my ISA server, but if I have to then I will. Does anyone have a current resolution to this that will allow us to use our existing wildcard certificate?

Ken



pgus -> RE: Using wildcard certificates with Windows Mobile 5.0 (9.Oct.2007 2:24:16 AM)

Maby try this?
http://www.digicert.com/welcome/wildcard-plus.htm

"Some of our customers have problems securely connecting to their company mail server, because their mobile devices do not support wildcard name matching," said Christopher Skarda, DigiCert's Director of Security Services. "We found that many of these mobile devices do support Subject Alternative Names. By putting the wildcard (e.g. '*.digicert.com') and the mail server name (e.g. 'mail.digicert.com') into the same certificate, we found a way to enable devices to accept the specific host name. In the past, the only option was to purchase a separate SSL Certificate."



rpm -> RE: Using wildcard certificates with Windows Mobile 5.0 (12.Oct.2007 3:22:09 AM)

Just in case this helps anyone - we have both WM5 and WM6 devices. We don't have a wildcard cert, but we have split dns so have added a DNS alias to our Exchange server so that the URL of our ISA server resolves to the Exchange server on the internal network. This obviously led to cert name mismatch issues. On WM5 to registry entry desctibed earlier in this thread fixed this (HKCU/Software/Microsoft/ActiveSync/Partnerships/*/secure = 0) - ensuring that the appropriate partnership was selected (look for the URL of your ISA server). I have seen this documented as both Secure and secure - I can only say that the all lower case spelling works for us. However WM6 doesn't support this so I added a Subject Alternative Name cert (from our internal Windows CA) - need to take care to ensure that certificate name is the same as the original, otherwise ISA complains and blocks external conections, but this works a treat for both WM5 & WM6. 



Page: <<   < prev  1 [2]