none
Client Certificates

    Question

  • Can I buy client side certificates for active sync devices?  The reason I ask, I don't want to setup a CA, and not because it's difficult, I just would rather not. 

    I'm configuring a reverse proxy and my active sync devices will require a certficate for each device, but like I said I'd rather buy them then manage a CA. 

    Tuesday, February 07, 2012 10:23 PM

Answers

  • Hi rholland,

    If your organization uses an SSL certificate from a trusted commercial CA, your users might not have to install the certificate on their phone. Most phones have certificates from several trusted commercial CAs preinstalled in the root store of the phone.

    Install SSL Certificates on a Windows Mobile Phone

    http://technet.microsoft.com/en-us/library/aa997575.aspx

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Frank Wang

    TechNet Community Support

    • Marked as answer by Frank.Wang Tuesday, February 14, 2012 1:55 AM
    Wednesday, February 08, 2012 6:38 AM

All replies

  • Hi rholland,

    If your organization uses an SSL certificate from a trusted commercial CA, your users might not have to install the certificate on their phone. Most phones have certificates from several trusted commercial CAs preinstalled in the root store of the phone.

    Install SSL Certificates on a Windows Mobile Phone

    http://technet.microsoft.com/en-us/library/aa997575.aspx

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Frank Wang

    TechNet Community Support

    • Marked as answer by Frank.Wang Tuesday, February 14, 2012 1:55 AM
    Wednesday, February 08, 2012 6:38 AM
  • Is the goal here to use activesync with certificate authentication or simply have a certificate on your reverseproxy?


    lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com

    Friday, February 10, 2012 9:21 PM
  • Hi rholland,

    Any updates?


    Frank Wang

    TechNet Community Support

    Monday, February 13, 2012 1:36 AM
  • Well yes and know, its working, however I'm not sure if its working the way I want, which moderator "Lasse P." points out.  I wants certs. to be required inorder work, but I don't believe I understand how that's going to work.

    I'm using apache as a reverse proxy and it's only allowing active sync through which was part of the goal, the other part was to require certs.  Right now with or without certs work and I'm attempting to remedy the problem, but I'm not sure how.

    Since the inital post, I've install a CA in our environment with the idea of using internal user certs, but again, I'm sure how to require this.

    Monday, February 27, 2012 4:14 PM