Its true and not at the same time. Its true because no, you dont install a self-signed cert. Its false that the iPhone "works" with them, because it doesnt. It ignores the security condition.
However, I believe you can put your own certs on an iPhone via the iPhone Configuration Utility. http://www.macworld.com/article/134381/2008/07/iphone_config_utility.html http://www.apple.com/support/iphone/enterprise/ -- ME2 On Tue, Jul 21, 2009 at 7:50 PM, Greg Wright<greg.wri...@wineselectors.com.au> wrote: > This is the best response I have read so far on this subject. Of importance > is the issue of mobile clients. Depending upon version, they vary from easy > to install an un-trusted Authorities certificate to being impossible to > install one. > > > > Jonathan Link said “#2 is not necessarily true. I did not install the > self-signed cert into my iPhone.” > > > > I am not sure about this being true, and would like to hear from others. My > experience and opinion of others in my immediate vicinity who have set these > up indicate that Self-Signed SSL certificates do not work with iPhone (just > as with WinMobiles). Maybe you aren’t using SSL in your OWA setup? > > > > From: Peter Johnson [mailto:peter.john...@peterstow.com] > Sent: Wednesday, 22 July 2009 2:28 AM > To: MS-Exchange Admin Issues > Subject: RE: OWA / SSL question > > > > With regards to this issue I believe the following is true with a self > signed certificate > > > > 1.) On the browsers the users would have to agree to continue to the site > everytime until they add the certificate to the machine. This is a pain > particularly with mobile users and OWA access from ad-hoc computers such as > Internet Kiosks etc. > > 2.) Mobile phones using activesync will not work until the self signed > cert is installed onto the device. This becomes an admin overhead. > > > > The worst case is if you have to rebuild the server in disaster recovery u > generate a new certificate and the entire cycle starts all over again. I’ve > been through this and it’s not fun!! > > > > With regards to certificates I’ve used Digicert a few times and always had > good results particularly with SAN certificates which you will need for > Exchange 2007 going forward. > > > > Regards > > Peter Johnson > > > > > > > > > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: 21 July 2009 16:46 > To: MS-Exchange Admin Issues > Subject: RE: OWA / SSL question > > > > I know about GoDaddy, and recommend it every time any of our 4 SSL certs > come up for renewal. But the manager wants to stay with the “industry > standard” Verisign. I’m the kind of guy that buys the Shasta colas, or the > Sam’s colas, because it’s pretty much the same thing at half the price. > > > > I have also looked at generating our own cert, which really makes sense for > this purpose, as it’s only internal users that will be accessing OWA. What > could they face from home, if I use a homemade cert? Are there browser > issues, with certain browsers not liking homemade certs? > > > > Joe Heaton > > Employment Training Panel > > > > From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com] > Sent: Tuesday, July 21, 2009 8:42 AM > To: MS-Exchange Admin Issues > Subject: RE: OWA / SSL question > > > > If your cert expires, users will have to either configure their browsers to > allow them to go the site, or click through warning/error messages to get > there. > > I would believe depending on your mobile phone setup those users will have > similar problems. > > Have you looked into generating your own internal certificate? > > > > CHEAP: I got 3 year SSL Cert for OWA from GoDaddy.com for $67.47 > > > > > > ________________________________ > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: Tuesday, July 21, 2009 11:27 AM > To: MS-Exchange Admin Issues > Subject: OWA / SSL question > > Guys, > > > > Due to the budget issues here in California, my agency is down to the wire > with renewing our SSL cert for Exchange. I’ve already told my manager that > we can easily go with one of the cheaper alternatives, and have the same > security, but she’s really wanting to stick with Verisign. Due to this, our > SSL cert may end up expiring. I’ve told her that the impact would be that I > would have to turn off OWA. In addition, wouldn’t our phones be affected? > We’re using Activesync on our Windows Mobile devices, and requiring the SSL > connection. Would we be able to make a secure SSL connection without the > cert? I’m thinking this is possibly a stupid question, but my brain is > really fuzzy this morning. > > > > Joe Heaton > > AISA > > Employment Training Panel > > 1100 J Street, 4th Floor > > Sacramento, CA 95814 > > (916) 327-5276 > > jhea...@etp.ca.gov > >