[Today’s post comes to us courtesy of Peter Gallagher.]
Since Microsoft has licensed the ActiveSync protocol to 3rd parties for implementation, we are seeing a wide variety of devices that are sync’ing with SBS’s Exchange Server. Mail for Exchange is Nokia’s implementation on certain Nokia devices (the E-Series phones). Cingular is currently offering the Nokia E62 in the United States – which includes Mail for Exchange.
The Nokia device checks for certain non-required attributes on the certificate when it sync’s. The SBS self-generated certificate does not contain these attributes. The result is that when the Nokia device tries to with a Small Business Server using the SBS self-signed certificate, the device will prompt with a “click yes to continue”. Note that the typical “installing the certificate on the device” steps do not overcome this issue.
You basically have 4 options to allow Mail for Exchange to sync with your Small Business Server:
1. Uncheck “use SSL” in the Mail for Exchange application on the phone. This is the least desirable option as the data will pass between the phone and the server in “clear text”.
– or –
2. Click “yes” each time the device prompts you with a certificate warning when the device tries to sync. This will allow the device to sync with SSL however it defeats the Direct Push functionality provided by Exchange 2003 Service Pack 2. The user will have to continually click “yes” each time the device sync’s.
– or –
3. Purchase a 3rd party certificate from a Root CA that the Nokia device trusts and install it on the Small Business Server via the Configure Email and Internet Connection Wizard. You can view the Root CA’s on the Nokia device via Menu -> Tools -> Settings -> Security -> Certificate Management. This option (and 4 below) is preferred. The drawback here is that it costs money. The main advantage is that it works without user intervention.
– or –
4. Purchase a 3rd party certificate from a Root CA and then install it on the Small Business Server via the Configure Email and Internet Connection Wizard (GoDaddy would be an example). You will then have to install the certificate on the Nokia device. To install the certificate on the Nokia device you will need to export it in Internet Explorer, copy it to the device (memory card, sync cable, etc) and then click on it to install – specifically press the Menu button -> Office -> File Manager and browse to the file and then click it. For instructions on exporting the certificate in Internet Explorer, please see “To export the certificate file to the shared folder so the mobile device can access it” section on page 25 of the “Deploying Windows Mobile 5.0 with Windows Small Business Server 2003” whitepaper.