Getting the Certificate on to your Mobile Device

  • Article

I don’t want it to be a big dramatization in getting your certificate onto your mobile device. Small Business Server creates a self-signed certificate for the Default Web Site when you run the Configure Exchange and Internet Connection Wizard (CEICW).  This certificate is used for sites that require SSL, such as OWA.  

 

You can also configure your mobile device to synchronize with the Exchange server using SSL so that your data is not sent over the Internet in clear text.  Below I describe the simplest way of getting that certificate to the device without using any tools.

 

  1. Export the certificate

 

For SBS servers, go to the C:\ClientApps\SBSCert folder.  If you have ISA installed, you will get the file named ISAcert.cer. If you do not have ISA installed, the file name is Sbscert.cer.

 

This is the public certificate that you will send to your mobile device.  It is already exported to a .cer file for you.

 

Note: If you do not have ISA on the server, you can export the certificate directly from the Default Web Site in the IIS Manager snap-in.

 

If you have IIS installed, you will need to export the certificate using the Certificates MMC snap-in.

 

To export the certificate using the MMC the steps would be:

 

    • Click Start, click Run, type mmc , and then click OK. 
    • On the File menu, click Add/Remove Snap-in, and then click Add. 
    • In the Add Standalone Snap-ins dialog box, click Certificates, click Add, click Computer account, click Next, and then click Finish. 
    • In the Add Standalone Snap-ins dialog box, click Certificates, click Add, click My Computer account, and then click Finish. 
    • Click Close, and then click OK. 
    • To export the client certificate from the local Computer store, follow these steps: expand Certificates – Local Computer, expand Personal, and then click Certificates. 
    • Right-click the computer certificate, click All Tasks, click Export, and then click Next. 
    • If the Yes, export the private key option is not available, the ASP.NET Web application cannot use the client certificate. You must obtain another client certificate. To do this, follow the instructions in Step 1 and Step 2. Otherwise, click Yes, export the private key, and then click Next two times. 
    • In the Password box and in the Confirm Password box, type a password, and then click Next. 
    • In the File name box, type a file name. Click Next, and then click Finish. 
    • In the Certificate Export Wizard dialog box, click OK. 

 

 

  1. Configure the mobile device to sync with the Exchange server, but not using SSL just yet.
  2. Send the certificate, from Step1, to the mobile device.  (Exchange cannot be configured to delete attachments with the .cer extension.)
  3. Synchronize with the Exchange server to receive the certificate. You may need to sync twice to get the attachment.
  4. Click on the attachment and choose Yes to install the certificate.
  5. In Microsoft ActiveSync, check the checkbox to use SSL now.
  6. You are now synching securely between your mobile device and the Exchange server.

Great day to you!

 

Stephanie Doakes & Roderick White