I applauded the move for Windows Mobile 5 now supporting certificate authentication for ActiveSync. I thought I'd share a couple of points about this that I regularly get asked about.
- You can use either the certificate OR login name, not both on a configured device. The certificate replaces the login name and password.
- The only way to obtain the certificate currently is to cradle the device to a PC attached to the network that holds the local certificate authority.
- The cert enrollment tool for getting a personal cert that comes on most WM5 PPC edition devices is basic, and can only get a cert if you use the default templates on your cert authority. Otherwise you need to do some coding, and most WM5 smartphones (depending on the vendor) will need an app written as well.
- This personal cert for ActiveSync authentication has nothing to do with the SSL ActiveSync connection. As a result, the authentication of the certificate for ActiveSync is not completed until the traffic hits the front-end Exchange server. SSL bridging/termination does not affect this. (Having said this, I'm testing this in 2 weeks because I haven't seen it running yet.)
- This feature, as well as policy enforcement through the feature pack for Exchange, is not available until the device ROM AKU 2.0 is available in mid-November. Your current WM 5.0 device can't utilise any of these features on AKU 1.1. (Most AKU 1.1 devices have an upgrade path through the vendor.)
These are some of the basics. If you need any more info, post a comment and I'll get back to you.
Neil