Recipe8.18.Installing a Root Certificate for Use with EAS


Recipe 8.18. Installing a Root Certificate for Use with EAS

Problem

You want to install a root certificate on a portable device for Exchange ActiveSync users.

Solution

Using a graphical user interface

  1. Download the Smartphone Add Certificate utility (SmartphoneAddCert.exe) from the Microsoft Download Center (http://www.microsoft.com/downloads/details.aspx?FamilyID=9f812d36-ee54-48cb-9703-7619b1a9e1ad), then extract its contents to a folder.

  2. Copy the extracted executable SpAddCert.exe to the smartphone's "Accessories" directory:

    • for Smartphone 2003, use \Storage\Windows\Start Menu\Accessories

    • for Smartphone 2002, \IPSM\Windows\Start Menu\Accessories

  3. Export the root certificate as a DER-encoded binary X.509 file; save the exported file as filename.cer.

  4. Copy filename.cer to the smartphone's root storage directory: \Storage for Smartphone 2003 or \IPSM for Smartphone 2002.

  5. On the smartphone, select Start Accessories SPAddCert.

  6. Verify the certificate details and click OK. Click OK when you are asked if you are sure you want to add the certificate.

Discussion

Windows Mobile 2002 and 2003 smartphones ship with root certificates installed for the major certification authorities, but many enterprises wish to issue their own root certificates for use with Exchange ActiveSync, VPN, or web services. Microsoft has made the Smartphone Add Certificate Utility available to allow users to add this root certificate authority to the device's trusted certificate authority list. However, the utility will not work on phones that are application-locked by the mobile carrier; instead, the carrier must sign and distribute its own version of the utility. At the time of this writing, only Verizon has issued a signed version of the utility, available as VZW_SPAddCert.exe from the Microsoft Download Center. If you run through the steps in this recipe and are presented with an error message indicating that your smartphone is locked, you should contact your mobile carrier for assistance.

See Also

Recipe 8.17 for disabling checking of root certificates, and MS KB 841060 (How to add root certificates to Windows Mobile 2003 Smartphone and Windows Mobile 2002 Smartphone)



Exchange Server Cookbook
Exchange Server Cookbook: For Exchange Server 2003 and Exchange 2000 Server
ISBN: 0596007175
EAN: 2147483647
Year: 2006
Pages: 235

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net