Click here to get back home

Installed DER Cert. for SSL but still doesn't work? (solution)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.pocketpc.activesync    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Installed DER Cert. for SSL but still doesn't work? (solution) Dave Smith 01-24-2007
Posted by Dave Smith on January 24, 2007, 12:57 pm
Please log in for more thread options
 I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of folks,
I've been struggling to get this device to talk to my Exchange Server. My
IIS has a valid third party certificate, and I had followed the steps Chris
De Herrera had laid out on his website (www.pocketpcfaq.com) for exporting a
DER certificate that the device could read. The phone would take the
certificate, but it still wouldn't let me get to OMA w/o bitching about the
certificate.

Verizon was more than helpful ("you can't do that", "that doesn't work on
our phones", "our phones don't deal with that 'stuff'") after which they
directed me to Microsoft, who had already verified that my cert. was
installed correctly on IIS.

After some late-nite reading of Chris's site, and jumping here and there, I
found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html) that
will import the key you can backup from IIS. After running this on the
phone and importing the cert., everything worked.

So, after several days of battling this, I'm done! Many thanks to Chris and
his great site. If you have a WM5 phone, and are having trouble getting a
cert. installed so that OMA will work, go check out that link.



Posted by Jacco de Leeuw on January 25, 2007, 1:54 pm
Please log in for more thread options
Dave Smith wrote:

> I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of folks,
> I've been struggling to get this device to talk to my Exchange Server. My
> IIS has a valid third party certificate, and I had followed the steps Chris
> De Herrera had laid out on his website (www.pocketpcfaq.com) for exporting a
> DER certificate that the device could read. The phone would take the
> certificate, but it still wouldn't let me get to OMA w/o bitching about the
> certificate.
>
> After some late-nite reading of Chris's site, and jumping here and there, I
> found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html) that
> will import the key you can backup from IIS. After running this on the
> phone and importing the cert., everything worked.

What I think may have happened is that your third-party CA uses intermediate
certificates. Windows Mobile does not retrieve intermediate certificates from
the server if the server is not configured to send them or does not have them
in its certificate store.

The P12imprt utility (glad you liked it, BTW) can install intermediate
certificates if they are included in the PKCS#12 file. P12imprt is mainly
intended to install a personal certificate with a private key but I don't
get the impression that you want to install a personal certificate for
authenticating to the Exchange server. An alternative method is to create
a .CAB file with the intermediate certificate(s):

http://blogs.msdn.com/windowsmobile/archive/2006/02/27/ssl_certificates_201.aspx

Jacco
--
Jacco de Leeuw mailto:jacco2@dds.mil
Zaandam, The Netherlands http://www.jacco2.dds.nl
Please note: my real e-mail address is not shown, due to spam.
(Hint: I'm *not* in the military but in the Netherlands...)

Posted by Dave Smith on January 25, 2007, 2:30 pm
Please log in for more thread options
I would have used a private certificate, but the early reading I did
indicated I needed to use a third-party cert. Now I know better, lol. I've
got your website stashed in my favorites so after this cert. expires in a
year, I can find it if I switch over to a self-generated cert.

Thanks for the utility!

>
> Dave Smith wrote:
>
>> I have a Audiovox XV6700 (Windows Mobile 5.0) phone. Like a lot of
>> folks, I've been struggling to get this device to talk to my Exchange
>> Server. My IIS has a valid third party certificate, and I had followed
>> the steps Chris De Herrera had laid out on his website
>> (www.pocketpcfaq.com) for exporting a DER certificate that the device
>> could read. The phone would take the certificate, but it still wouldn't
>> let me get to OMA w/o bitching about the certificate.
>>
>> After some late-nite reading of Chris's site, and jumping here and there,
>> I found a utility (http://www.jacco2.dds.nl/networking/p12imprt.html)
>> that will import the key you can backup from IIS. After running this on
>> the phone and importing the cert., everything worked.
>
> What I think may have happened is that your third-party CA uses
> intermediate
> certificates. Windows Mobile does not retrieve intermediate certificates
> from
> the server if the server is not configured to send them or does not have
> them
> in its certificate store.
>
> The P12imprt utility (glad you liked it, BTW) can install intermediate
> certificates if they are included in the PKCS#12 file. P12imprt is mainly
> intended to install a personal certificate with a private key but I don't
> get the impression that you want to install a personal certificate for
> authenticating to the Exchange server. An alternative method is to create
> a .CAB file with the intermediate certificate(s):
>
>
http://blogs.msdn.com/windowsmobile/archive/2006/02/27/ssl_certificates_201.aspx
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2@dds.mil
> Zaandam, The Netherlands http://www.jacco2.dds.nl
> Please note: my real e-mail address is not shown, due to spam.
> (Hint: I'm *not* in the military but in the Netherlands...)



Similar ThreadsPosted
How to tell if cert properly installed May 29, 2008, 7:24 pm
Solution: ActiveSync did not work for imate SP5 over USB with Sygate Personal Firewall. May 15, 2006, 9:30 am
Installed Google Desktop now Activesync does not work March 9, 2006, 6:46 am
cert issues June 9, 2006, 1:50 pm
ssl cert by rapidssl June 8, 2008, 11:41 pm
Disable Cert Check under WM5 December 10, 2005, 2:58 am
ActiveSync Cert Error January 25, 2006, 12:38 pm
0x80072f17 - Cert problem? February 14, 2006, 10:36 am
Wildcard Cert on WM5 Treo700 July 30, 2007, 11:22 am
as says the cert is invalid- when it isnt June 1, 2008, 8:48 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap