Indeed. Make no mistake, the iPhone was not intended to be secure (except for Apple's stranglehold on app installations.) It's only been retrofitted to support corporate/secure environments - for which they still have a long way to go.

The iPhone Configuration Utility is a step in the right direction.

--
ME2

On Wed, Jul 22, 2009 at 4:17 AM, Peter Johnson<peter.john...@peterstow.com> wrote:
> Thanks very much for the info Michael. That strikes me as a bit of a security
> risk though.
>
> -----Original Message-----
> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com]
> Sent: 22 July 2009 04:19
> To: MS-Exchange Admin Issues
> Subject: Re: OWA / SSL question
>
> It's true and not at the same time. It's true because no, you don't
> install a self-signed cert. It's false that the iPhone "works" with
> them, because it doesn't. It ignores the security condition.
>
> However, I believe you can put your own certs on an iPhone via the
> iPhone Configuration Utility.
>
> http://www.macworld.com/article/134381/2008/07/iphone_config_utility.html
>
> http://www.apple.com/support/iphone/enterprise/
> --
> ME2
>
> On Tue, Jul 21, 2009 at 7:50 PM, Greg Wright<greg.wri...@wineselectors.com.au> wrote:
>> This is the best response I have read so far on this subject. Of importance
>> is the issue of mobile clients. Depending upon version, they vary from easy
>> to install an un-trusted Authority's certificate to being impossible to
>> install one.
>>
>> Jonathan Link said "#2 is not necessarily true. I did not install the
>> self-signed cert into my iPhone."
>>
>> I am not sure about this being true, and would like to hear from others. My
>> experience and opinion of others in my immediate vicinity who have set these
>> up indicate that Self-Signed SSL certificates do not work with iPhone (just
>> as with WinMobiles). Maybe you aren't using SSL in your OWA setup?
>>
>> From: Peter Johnson [mailto:peter.john...@peterstow.com]
>> Sent: Wednesday, 22 July 2009 2:28 AM
>> To: MS-Exchange Admin Issues
>> Subject: RE: OWA / SSL question
>>
>> With regards to this issue I believe the following is true with a
>> self-signed certificate:
>>
>> 1.) On the browsers the users would have to agree to continue to the site
>> every time until they add the certificate to the machine. This is a pain
>> particularly with mobile users and OWA access from ad-hoc computers such as
>> Internet Kiosks etc.
>>
>> 2.) Mobile phones using ActiveSync will not work until the self-signed
>> cert is installed onto the device. This becomes an admin overhead.
>>
>> The worst case is if you have to rebuild the server in disaster recovery you
>> generate a new certificate and the entire cycle starts all over again. I've
>> been through this and it's not fun!!
>>
>> With regards to certificates I've used Digicert a few times and always had
>> good results particularly with SAN certificates which you will need for
>> Exchange 2007 going forward.
>>
>> Regards
>>
>> Peter Johnson
>>
>> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
>> Sent: 21 July 2009 16:46
>> To: MS-Exchange Admin Issues
>> Subject: RE: OWA / SSL question
>>
>> I know about GoDaddy, and recommend it every time any of our 4 SSL certs
>> come up for renewal. But the manager wants to stay with the "industry
>> standard" Verisign. I'm the kind of guy that buys the Shasta colas, or the
>> Sam's colas, because it's pretty much the same thing at half the price.
>>
>> I have also looked at generating our own cert, which really makes sense for
>> this purpose, as it's only internal users that will be accessing OWA. What
>> could they face from home, if I use a homemade cert? Are there browser
>> issues, with certain browsers not liking homemade certs?
>>
>> Joe Heaton
>>
>> Employment Training Panel
>>
>> From: David Mazzaccaro [mailto:david.mazzacc...@hudsonhhc.com]
>> Sent: Tuesday, July 21, 2009 8:42 AM
>> To: MS-Exchange Admin Issues
>> Subject: RE: OWA / SSL question
>>
>> If your cert expires, users will have to either configure their browsers to
>> allow them to go to the site, or click through warning/error messages to get
>> there.
>>
>> I would believe depending on your mobile phone setup those users will have
>> similar problems.
>>
>> Have you looked into generating your own internal certificate?
>>
>> CHEAP: I got a 3 year SSL Cert for OWA from GoDaddy.com for $67.47
>>
>> ________________________________
>>
>> From: Joe Heaton [mailto:jhea...@etp.ca.gov]
>> Sent: Tuesday, July 21, 2009 11:27 AM
>> To: MS-Exchange Admin Issues
>> Subject: OWA / SSL question
>>
>> Guys,
>>
>> Due to the budget issues here in California, my agency is down to the wire
>> with renewing our SSL cert for Exchange. I've already told my manager that
>> we can easily go with one of the cheaper alternatives, and have the same
>> security, but she's really wanting to stick with Verisign. Due to this, our
>> SSL cert may end up expiring. I've told her that the impact would be that I
>> would have to turn off OWA. In addition, wouldn't our phones be affected?
>> We're using ActiveSync on our Windows Mobile devices, and requiring the SSL
>> connection. Would we be able to make a secure SSL connection without the
>> cert? I'm thinking this is possibly a stupid question, but my brain is
>> really fuzzy this morning.
>>
>> Joe Heaton
>>
>> AISA
>>
>> Employment Training Panel
>>
>> 1100 J Street, 4th Floor
>>
>> Sacramento, CA 95814
>>
>> (916) 327-5276
>>
>> jhea...@etp.ca.gov