Until recently, we used an internally generated cert for all of our devices WM5/6 devices. Part of the deployment process was to install the certs on the device, and it had to be repeated every time the device was deployed. When we first started using these (back when Exchange 2003 SP2 first came out with WM5 devices) many devices were locked down so much that there wasn't a way to even install our own certs. I've never found a way to install them so that they will survive a device wipe.
-----Original Message----- From: Joe Heaton [mailto:jhea...@etp.ca.gov] Sent: Monday, July 27, 2009 9:05 AM To: MS-Exchange Admin Issues Subject: RE: Activesync issue Ahh, I got ya. So the cert won't stay on the mobile device after a wipe? That's interesting. The whole reason I was looking at doing that, was for next year when we renew. There's no reason to pay the $995 for an Exchange cert, so we would be downgrading back to the standard cert, and would need that root cert on the devices... Joe Heaton Employment Training Panel -----Original Message----- From: Tim Evans [mailto:tev...@sparling.com] Sent: Monday, July 27, 2009 8:43 AM To: MS-Exchange Admin Issues Subject: RE: Activesync issue The upgraded cert shouldn't be a problem if the root cert is already on the device. It sounded like you were going to install the missing root cert on all your devices. I was just pointing out that I didn't see much of a reason to install the missing root cert on those devices because you'll have to reinstall it every time you wipe a device. I can see now that what I typed didn't say that, so I'll just chalk it up to a Monday morning and crawl back in my hole. ...Tim > -----Original Message----- > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > Sent: Monday, July 27, 2009 8:36 AM > To: MS-Exchange Admin Issues > Subject: RE: Activesync issue > > Well, Verisign is saying that the upgraded cert uses the same root cert > as the cert we just renewed, so it should work with no issues. But I'll > let you guys know if that's not the case. :) > > Joe Heaton > Employment Training Panel > > > -----Original Message----- > From: Tim Evans [mailto:tev...@sparling.com] > Sent: Monday, July 27, 2009 8:15 AM > To: MS-Exchange Admin Issues > Subject: RE: Activesync issue > > FYI, if you migrate to the new cert, it won't be much different that > using a self signed cert for the WM5 & 6 devices. If the root cert isn't > installed in the firmware, you'll need to reinstall it after every time > you wipe the device. > > ...Tim > > > > -----Original Message----- > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > > Sent: Monday, July 27, 2009 7:55 AM > > To: MS-Exchange Admin Issues > > Subject: RE: Activesync issue > > > > So, after enjoying my weekend, I came into work this morning and > > contacted Verisign support. Apparently, Microsoft has confirmed that > > they forgot to include a Trusted Root cert with their Windows Mobile 5 > > and Windows Mobile 6 OSes. Due to this, Verisign is giving me a free > > upgrade to their SSL Pro cert, which still uses the old root cert. > They > > also sent me the missing root cert, so over the next 12 months, I can > > install this root cert to all my WM devices. > > > > Oh Yay! > > > > Joe Heaton > > Employment Training Panel > > > > -----Original Message----- > > From: Ellis, John P. [mailto:johnel...@wirral.gov.uk] > > Sent: Friday, July 24, 2009 8:10 AM > > To: MS-Exchange Admin Issues > > Subject: RE: Activesync issue > > > > See if you can download a root cert from verisign and reapply it. > > > > -----Original Message----- > > From: Joe Heaton [mailto:jhea...@etp.ca.gov] > > Sent: 24 July 2009 15:59 > > To: MS-Exchange Admin Issues > > Subject: RE: Activesync issue > > > > I looked at the root certs on the phone, and there are some that have > > expired, but none that expired yesterday, which is when Activesync > > stopped working. > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote also confirms that this email message has been swept by > > MIMEsweeper for the presence of computer viruses. > > > > www.clearswift.com > > ********************************************************************** > > > > > > > > > > > > > >
