Sun, Dec 16 2007 12:19
Go Daddy certs on certain phones
Folks have said in the past that not all certs are created equal, that it depends on the phone. That's true but you should be able to get most phones to work. The issue is that some phones have already certain trusted roots inside of them. Some "may" have Godaddy, some don't. In fact a way to see ahead of time which certs will work and which ones won't is to examine the phone's root certificate folder and see which vendors are listed. If they do not trust the vendor of your third party SSL cert, you need to get their certificate bundle "on" the phone. To do this for godaddy certs, follow this post:
For those using Starfield (GoDaddy) issued certs, you must install the ValiCert root certificate. To download the ValiCert root follow the first 3 steps above to get to your installed certificates. Next view the certificate for your OWA server. Click the Issuer Statement button. You should be taken to a page with all sorts of ValiCert info and options. Near the bottom of the page is a CER file in DER format. Download and copy to your WM device. Install the cert by double-tapping in File Explorer or equivalent. That’s it!
The trick is to grab those legacy Valicert bundles
Specifically this one:
And get that bundle on the phone
Copy it to the phone, to someplace like my documents so you can find it, then 'tap' on it to install it. Then you should be good to go.
EDIT... you also need a godaddy specific cert on the device that I exported from the root mmc. All my mobile 6's liked the Godaddy cert, the Mobile 3's I had to get the cert on the device. I've attached the two certs I used to get them to work (see the attached files)
Filed under: Mobility
Windows Mobile 5.0 & ActiveSync
We have a few Windows Mobile 5.0 devices appearing and need to get them hooked up to our Exchange 2003 system. We have the infrastructure already in place as we use Outlook Web Access and Outlook Mobile Accesss. We have our front-end servers load balanced and port 443 mapped through from the outside world.
Like its predecessor Windows Mobile 2003, WM 5.0 lacks a wide selection of trusted root certificates installed by default. If you’re using a non-maintream or self-issued certificate you’ll need to do a little extra configuration to get ActiveSync working over the air. With WM 2003 there was a tool to disable certificate checking but it’s not compatible with WM 5.0. Instead follow these instructions:
# In Internet Explorer go to your Outlook Web Access site and ensure your certificate is installed. To check the name of it you can double click on the padlock icon in the bottom right of the browser.
# Now in the Internet Options in IE go to the Content tab and click the Certificates button.
# Now go to the Trusted Root Certificate Authorities and find your certificate.
# Select the certificate and click on the Export button. Follow the wizard and select ‘DER Encoded Binary x.509′ when prompted.
# Choose a suitable file name and finish the wizard.
# You’ll now need to copy the exported certificate to your PocketPC device either via a memory card or by USB. Once it’s on your PPC simply tap it with the stylus and follow the prompts to install it.
With the certificate successfully installed you should be able to synchronise over the air.
This worked perfectly for me and I can now securely sync via ActiveSync over USB or OTA.