Re: SSL Certificate not trusted by Windows Mobile 6



Forgot to mention in my post that hasn't shown up yet, that we got
pretty tired of some devices not trusting CA A, whilst others don't trust
B. Forcing you into very expensive certs, which is not an issue with 300
employees but is very steep for 3 mobile employees...

So I decided to get rid of it. We created our own CA. We publish the
public cert on our website. Most phones support directly installing from
a site, if you go directly to the cert file. There are some issues with
encoding. Don't recall which on which but some devices want BER
encoding, whilst others want DER. Luckily these seem to have all other
sort of names and (some) extensions seem to be shared by both formats...

Anyways, all we had to make sure of was that our webserver sends out the
correct MIME type with the file and put them on the website. Put certs
in both encodings on there so I have www.domain.com/cert.cer and
www.domain.com/cert.crt.

Then wrote a manual, how user surfs to www.domain.com/cert.[crt/cer] and
to click yes to install it.

Now I sign all certs with our CA. Deploy the CA cert through GPO to
laptops etc, so Outlook's RPC over HTTPS works.



Psychopasta wrote:
Hey Freaky,

Yep, I paid just south of $300 for two years of nothing. I need to add the
certificates by hand, which negates the whole point of upgrading from the
free certificate that comes with SBS!

Clearly the lesson here is: don't pay for a third-party validated
certificate, because you'll end up no better off than with the free
certificate that came with SBS. What a rip-off!

Thanks to you and Cris for your replies,

- Pasta

"Freaky" wrote:

When you run into issues like this certificates prove to be a pita and
mostly it's air being sold too. Often at very high prices.

I have an Equifax Secure CA on my Windows Mobile (HTC).

Unfortunately many of these companies have several CA's. And many of
them try to be included into every browser on desktop OS'es. AFAIK they
even pay to be included in a lot of devices (or explicitly NOT pay NOT
to be included). Also, the vendor might just be lazy etc. Frequently it
has only 1 purpose: getting more money for exactly the same
functionality. Why ask only $50/y for a cert if you can ask $150/y if it
has to work on phones, whilst technically nothing changes (besides the
CA cert that signs it).


There is a list of supported CA's in Windows Mobile on
support.microsoft.com somewhere. Unfortunately, the phone vendor can
adjust these things, so always check the root CA's on the device.

Psychopasta wrote:
Hi,

I bought a 'real' SSL certificate for my SBS2008 server. It was issued by
Equifax Secure Global eBusiness CA-1. It works fine with all my PCs that log
in to use OWA.

However, my mobile phone, a Samsung Omnia on the Verizon network will not
trust it. An iPhone trusts it just fine.

Now I've read about how to install a certificate on the phone, but the whole
purpose of buying the SSL was so that I didn't need to install the
certificate. Is there some level of SSL that I need for Windows Mobile? In
other words, should I upgrade the certificate somehow, or get one from a
different signing authority?

Thanks for your help,

- Pasta
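
An added example, not part of any post in this thread: a Python check that the two CA files published in the first post (`cert.cer` and `cert.crt`) really are the same certificate, with a SHA-256 fingerprint that can be printed in the user manual for comparison before installing. It assumes the two encodings are binary DER and Base64 PEM; the sample bytes are constructed stand-ins, and all function names are hypothetical.

```python
import hashlib
import ssl

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# MIME type commonly used when serving a CA certificate for installation.
CA_CERT_MIME = "application/x-x509-ca-cert"


def detect_encoding(data):
    """Return 'PEM' or 'DER' for certificate file contents, else raise."""
    if data.lstrip().startswith(PEM_HEADER):
        return "PEM"
    if data[:1] == b"\x30":  # DER certificates start with an ASN.1 SEQUENCE tag
        return "DER"
    raise ValueError("not a PEM or DER certificate")


def to_der(data):
    """Normalise either encoding to DER bytes."""
    if detect_encoding(data) == "PEM":
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def fingerprint(data):
    """SHA-256 fingerprint over the DER form, colon-separated hex."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_published(files, expected_fp):
    """Map each published file name to 'ok (ENC)', 'MISMATCH (ENC)' or an error."""
    report = {}
    for name, data in files.items():
        try:
            enc = detect_encoding(data)
            ok = fingerprint(data) == expected_fp
            report[name] = f"ok ({enc})" if ok else f"MISMATCH ({enc})"
        except ValueError as exc:  # e.g. the server returned an HTML error page
            report[name] = f"error: {exc}"
    return report


# Constructed stand-in bytes, NOT a real certificate: a SEQUENCE header plus filler.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    fp = fingerprint(SAMPLE_DER)
    print(CA_CERT_MIME, fp)
    print(check_published({"cert.cer": SAMPLE_DER, "cert.crt": SAMPLE_PEM}, fp))
```

Run it against the files as downloaded from the website, not the copies on the CA machine, so a wrong upload or an error page served in place of the certificate shows up as a mismatch.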