
Exchange 2007 ActiveSync and Windows Mobile 5 and SSL


In working through our certificate issues at work, we were able to obtain a Unified Communications Certificate from Comodo that we used to secure the various Exchange 2007 components that need to be secured by SSL, including IMAP, POP3, IIS (OWA) and Autodiscover. I'll go through the actual process in my next tip. In this tip, I want to present one gotcha that is rather important. It has to do with support for Windows Mobile-based devices, such as the Blackjack and the Treo 750, among others. Until recently, we were using Good Messaging, but in a desire to roll mobile services out to a wider audience, we made the decision that ActiveSync was a more affordable choice.

Once we applied our Unified Communications Certificate obtained from Comodo, just about everything worked without problems.  IE7 stopped giving certificate errors when we connected to OWA, for example.  However, our Windows Mobile-based devices still could not connect to our Exchange 2007 system.  The devices were still throwing back certificate errors.  Upon investigation, we found that the Comodo certificate we used does not, by default, have a trusted root in Windows Mobile 5-based devices.  Such support is supposed to be included in Windows Mobile 6 and Comodo does have a very, very simple workaround.

The lesson: If your mobile device is still giving you certificate troubles and you think you've got everything configured correctly, check the certificate provider's support forum! You may just find the fix you need.

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

7 comments
geoff.peel

Can anyone tell me if you can create this certificate with MS Certificate server?

julian

Had the same problem with Comodo. The annoying part was that I checked several Comodo certs from a number of secure sites first to see if their RootCA was trusted on WM5. It was. Trouble is, their UCC cert uses a different RootCA that isn't trusted. Gotta love that. The only workaround they could provide was a cab containing the cert that we could install on WM5 devices. Trouble is, as a provider of hosted email, it's not practical or reasonable to expect customers to have to do that. If we were just doing our own internal mail it would be a different story. Next issue came up that they had no cab (or equiv) for PPC2003 devices, which in this country there are a number of. Way to limit your potential customer base! We switched to Verisign (albeit at a much higher cost), and to Comodo's credit they didn't argue when I asked for a full refund. Lesson - cheaper certs are rarely cheaper in the long run.

avo

GoDaddy (cheap) with Intermediate Certs work great for me.

blake

I'm confused by this quote. We've been using Comodo certs in our Exchange 2003 environment with Windows Mobile 5 devices for over two years with no problem and we didn't do anything special. Is this specific to Exchange 2007? Why would the Exchange version matter?

Hagstrom

We are using Verisign with no such problems...