Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

OMA certificate about to expire 1

Status
Not open for further replies.

ouzojd

Programmer
Jun 9, 2002
314
AU

Hi, we use Windows 2003 mobile devices in our organisation which receive email from our Exchange 2003 SP2 server. When I set up a new device I need to install a certificate on it in order for it to be able to sync. This certificate is due to expire soon. I know a little bit about IIS but does anyone know what I need to do to create a new certificate for our OMA devices or where I can find some instructions. I havent had much luck with google so far but maybe they arent referred to as client side certificates?
 
If you begin the process of renewing the cert from the people that provided it, you are usually provided instructions for installing the cert on your server.

Typically you have to request a new cert from within the IIS security settings for your site. That causes a cert-request file to be created. You give that to the cert provider, and they in turn give you a file that you import using the same IIS Security settings config area. You would then need to distribute that cert in the same fashion that you currently distribute your existing cert.

Here's a renewal walkthrough:


ShackDaddy
Shackelford Consulting
 
OK, thanks. I've actually done that before for a SSL site at my old job but I thought this may be different been that the cert has to be installed on the mobile devices in order for them to authenticate.

I guess my other concern is if I create a new certificate (not through verisign or similar but generating my own) will the mobile devices currently using OMA stop working until I manually install the new certificate on them?
 
Yes, they will stop working till you install the new certs.

GoDaddy sells a cert for $20 that will work on most mobile devices. That's what I've been deploying for the last year, since the self-signed can be such a hassle with the mobiles.

ShackDaddy
Shackelford Consulting
 
If you are using Treos, call GoDaddy for instructions on installing a root cert, otherwise Treos won't work right. Importing their root cert is not straightforward.
 
GoDaddy uses the root Valicert, but they also have a cert path that includes the intermediate Starfield cert, so the basic cert you get from GoDaddy won't work unless you've also installed the Starfield cert.

I think maybe in some situations you also have to install the Starfield intermediate cert on the Treo's to get them to work.

ShackDaddy
Shackelford Consulting
 

Thanks, everyone. Is there anyway I can turn off requiring a certificate for them to connect to OMA while I go through the process of giving them the new certificates or is this really bad to do? PS: we are using Imates.
 
OK, thanks for your help on this. That probably doesnt sound like the preferable way but if I run into trouble at least it's a temporary option to get them going.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top