Previous Thread:   Activesync and Exchange 2K3

11/25/2005 8:32:38 AM    Re: certchk
No not that I'm aware of, what happens when you use the version that's out  
  
now?  Also if you import the root cert from you ca to your device you won't  
  
need to disable cert checking.  
  
--  
  
--  
  
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)  
  
The MS-MVP Program - http://mvp.support.microsoft.com  
  
This posting is provided "AS IS" with no warranties, and confers no  
  
rights...  
  
"MR" <comconix@newsgroup.nospam> wrote in message  
  
news:%23MA%234wZ8FHA.1416@TK2MSFTNGP09.phx.gbl...



11/25/2005 10:42:48 AM    certchk
is there a new certchk to allow users with Windows Mobile devices to connect  
  
to Exchange servers without verifying the root certificate authority against  
  
the certificate trust list on the device?  
  
I am using a device with Windows Mobile 2005, activesync 4.1 and excahnge  
  
2003 sp2  
  
thanks

11/25/2005 4:44:33 PM    Re: certchk
There is not a version available and from what I have read in a blog by a  
  
member of the MS WM5 team there is no plans to release one..... This is  
  
frustrating as WM5 does not support self generated or trusted wildcard certs  
  
Looks like MS have given a big nod to the cert sellers!!!  
  
I hope they review this soon and give us a new way of disabling trusted  
  
certificate checking....  
  
"MR" <comconix@newsgroup.nospam> wrote in message  
  
news:%23MA%234wZ8FHA.1416@TK2MSFTNGP09.phx.gbl...

11/26/2005 4:18:28 PM    Re: certchk
Is that a fact - that WM5 does not support self generated certificates  
  
from a CA other than the trusted cert sellers in the wild?  
  
This would explain the difficulties that I am having with SSL and  
  
activesync on WM5 and Exchange 2003 SP2.  
  
Has anyone experienced similar?  
  
Dave Lee wrote:

11/27/2005 12:12:43 PM    Re: certchk
"Dave Lee" <abuse@aol.com> wrote:  
  
??? The CA that generated my root cert isn't trusted by any other CA  
  
and I added it with no problem, just as I have in the past with  
  
previous versions of the MS O/S's on PDA's and smartphones.  
  
I'm able to use the "Work" network to connect to my employer's VPN,  
  
too.  
  
Or are you complaining that the device you have is locked and the  
  
carrier won't let you add the cert? I've had phones that were like  
  
that, but I got rid of them.  
  
Okay.  
  
--  
  
Rich Matheisen  
  
MCSE+I, Exchange MVP  
  
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm  
  
Don't send mail to this address mailto:h.pott@getronics.com  
  
Or to these, either:  
  
mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com

11/27/2005 1:56:11 PM    Re: certchk
WM5 does NOT support self genrated certs FACT  
  
WM5 does NOT support trusted wildcard certs FACT  
  
Frustrated? Find out more and add your opinion here  
  
http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx?CommentPosted=true#commentmessage  
  
"Daryan" <paul@blueskies.ws> wrote in message  
  
news:1133050708.369963.132580@o13g2000cwo.googlegroups.com...

11/27/2005 2:31:43 PM    Re: certchk
Hmm  I have no problems with certs from my CA on any of my WM5 devices  
  
either.  The fact that you had problems with 2003 would mean that something  
  
else is wrong.  On my sprint 6700 I was able to just import the cert but for  
  
my jasjar I had to use the cert tool on the device but it worked after that.  
  
--  
  
--  
  
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)  
  
The MS-MVP Program - http://mvp.support.microsoft.com  
  
This posting is provided "AS IS" with no warranties, and confers no  
  
rights...

11/27/2005 6:04:39 PM    Re: certchk
"Dave Lee" <abuse@aol.com> wrote:  
  
By "self generated" you mean what? Were the certs created by a CA  
  
that's not trusted by anyone else (i.e. a "stand-alone CA"), or are  
  
the certs created by some other means?  
  
I did. And I'll say it again, I installed the root certificate for a  
  
stand-alone CA without any problem. But the device is unlocked, so  
  
that shouldn't surprise you.  
  
--  
  
Rich Matheisen  
  
MCSE+I, Exchange MVP  
  
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm  
  
Don't send mail to this address mailto:h.pott@getronics.com  
  
Or to these, either:  
  
mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com

11/27/2005 6:35:14 PM    Re: certchk
We have self generated certs that did not work on our old WM2003 devices  
  
without using certchk to disable the trusted root check. We now have new SPV  
  
C600  WM5 devices that do not work.  
  
Check the blog....  
  
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message  
  
news:8gojo11adu7neadsakmlvhjlr6fb9apsme@4ax.com...

11/28/2005 4:21:11 PM    Re: certchk
MR,  
  
If you are using self generated certificates using an internal CA for  
  
example you need to install both the self issued CA root certificate  
  
and the certificate for the mail server that you are accessing that has  
  
been issued by the CA.  
  
Cheers,  
  
Paul  
  
MR wrote:

11/28/2005 5:17:20 PM    Re: certchk
we have the MS Certificate installed on our server.  
  
can you pont me to directions on how to create and retreive a certificate?  
  
the server is 2003 professional, using excahnge 2003 sp2  
  
ithe device is a JASJAR  (Windows Mobile 2005) i synchronize with ActiveSync  
  
4.1  
  
thanks  
  
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM> wrote in message  
  
news:8gojo11adu7neadsakmlvhjlr6fb9apsme@4ax.com...

12/1/2005 10:57:26 AM    Re: certchk
With the jasjar you can't install the cert by copying it over to the device.  
  
I had this same problem happen and the resolution is to use the enroller  
  
tool that comes on the jasjar.  That will install a user cert and root cert  
  
on the device.  You can use the enroller tool while the device is connected  
  
to activesync or over wifi if you are connected to the same network as your  
  
cert server.  
  
--  
  
--  
  
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)  
  
The MS-MVP Program - http://mvp.support.microsoft.com  
  
This posting is provided "AS IS" with no warranties, and confers no  
  
rights...  
  
"MR" <comconix@newsgroup.nospam> wrote in message  
  
news:ed3xjXm9FHA.1480@TK2MSFTNGP10.phx.gbl...

12/1/2005 12:56:27 PM    Re: certchk
i installed them both (they both appear in the root though) and it does not  
  
work. i cannot synchronize with SSL enabled  
  
"Daryan" <paul@blueskies.ws> wrote in message  
  
news:1133223671.872996.182600@o13g2000cwo.googlegroups.com...

12/4/2005 12:40:42 PM    Re: certchk - I also want to know how to solve this issue.
You will need to add not only the server cert to your device but also the  
  
root cert.  Depending on the device you have it can be as simmple as copying  
  
the exported cert to your device and importing it using the file explorer.  
  
For devices like the universal and jasjar you will need to use either the  
  
cert import utility on the device or use a third party program which can  
  
import certs.  I haven't tried the last solution so I can't recommend any  
  
other utilies for that.  
  
--  
  
--  
  
Eric Hicks [That_Kid] (MS-MVP Mobile Devices)  
  
The MS-MVP Program - http://mvp.support.microsoft.com  
  
This posting is provided "AS IS" with no warranties, and confers no  
  
rights...  
  
"Tony" <Tony.sh.cn@gmail.com> wrote in message  
  
news:%234nqY7K%23FHA.3340@TK2MSFTNGP12.phx.gbl...

12/4/2005 4:44:52 PM    Re: certchk - I also want to know how to solve this issue.
When using WM2003, I can use a tool named "certchk.exe"(provided by MS) to  
  
disable certificate check because my exchange server does not have a trusted  
  
certificate, but this tools doesn't work on WM5.0, would you please tell me  
  
how to solve this issue?  
  
Thank you!  
  
"Rich Matheisen [MVP]" <richnews@rmcons.com.NOSPAM.COM>  
  
??????:8gojo11adu7neadsakmlvhjlr6fb9apsme@4ax.com...

12/7/2005 7:47:46 PM    Re: certchk - I also want to know how to solve this issue.
Sorry, I didn't see this. I just posted how to do this.  
  
Recap.  
  
FYI: Certchk.exe won't work on WindowsMobile 5.0. The layout of the registry  
  
has changed.  In the devices registry  
  
[HKEY_CURRENT_USER\Software\Microsoft\ActiveSync\Partners\{GUID}] set  
  
"Secure" to 0. There may be more than one GUID under partners, so look at  
  
the "Server" to see where it is syncing.  
  
This only bypasses the validation of the certificate on the device. You will  
  
still need a cert if you are syncing SSL  
  
--  
  
Carl Wolz [MSFT]  
  
This Posting is provided "AS IS" with no warranties, and confers no rights.  
  
"Tony" <Tony.sh.cn@gmail.com> wrote in message  
  
news:%234nqY7K%23FHA.3340@TK2MSFTNGP12.phx.gbl...

1/4/2006 2:39:02 PM    Re: certchk
This isn't true. The fact is that you need manager access to add a new root  
  
cert to some Smartphones.  
  
On a Pocket PC device you should be able to install the certificate to the  
  
ROOT store with no problem, and on many Smartphones as well depending on the  
  
operator and configuration. For Sprint and Verizon phones, for instance, you  
  
can use the signed version of spaddcert that's available on microsoft.com.  
  
--------  
  
"Dave Lee" <abuse@aol.com> wrote in message  
  
news:O14zSp18FHA.1420@TK2MSFTNGP09.phx.gbl...  
  
--  
  
Scott Yost  
  
Software Development Engineer/Test  
  
Microsoft Corp.  
  
This posting is provided "AS IS" with no warranties, and confers no rights.

1/9/2006 11:41:35 AM    Re: certchk
Scott,  
  
Would it not be more helpfull to supply a util like certchk ;-)  
  
"Scott Yost [MSFT]" <scyost@online.microsoft.com> wrote in message  
  
news:eB$aq%23XEGHA.2648@TK2MSFTNGP11.phx.gbl...

1/9/2006 2:08:19 PM    Re: certchk
You're right, it absolutely would. Unfortunately that functionality isn't  
  
present on WM 5.0 so it's not as simple as setting a reg key like it was  
  
before. At the moment there aren't any easy workarounds for WM5.0 or MSFP  
  
that I know of. (if I hear of one I will shout it to the hills!)  
  
--  
  
Scott Yost  
  
Software Development Engineer/Test  
  
Microsoft Corp.  
  
This posting is provided "AS IS" with no warranties, and confers no rights.  
  
"Dave Lee" <abuse@aol.com> wrote in message  
  
news:uWQAnGRFGHA.3064@TK2MSFTNGP10.phx.gbl...

1/10/2006 12:29:54 AM    Re: certchk - I also want to know how to solve this issue.
Will this work for wildcard certs?  
  
"Carl Wolz [MSFT]" <carlw@online.microsoft.com> wrote in message  
  
news:eMTpno6%23FHA.1028@TK2MSFTNGP11.phx.gbl...

1/10/2006 4:49:19 PM    Re: certchk
Thanks Scott  
  
I will be listening!!!!  :-)  
  
"Scott Yost [MSFT]" <scyost@online.microsoft.com> wrote in message  
  
news:OFZRPpYFGHA.644@TK2MSFTNGP09.phx.gbl...

2/6/2006 7:18:07 AM    Re: certchk
Any news on this? I have a WM5.0 device that I created a local  
  
certificate and copied to the device.  When I try to execute/install  
  
it, I get a message that says 'cannot access certificate'.  Is buying a  
  
certificate a sure fire way to make this work?  I could have saved time  
  
and money by doing that at the outset of this process.  
  
I bought this thing thinking the direct push was working, just like an  
  
earlier poster said.

2/6/2006 9:38:35 PM    Re: certchk
When using a self-signed cert you must first get the root cert installed  
  
onto the mobile device before you can install your user cert.  
  
Check out this blog post for a little more info -  
  
http://blogs.msdn.com/windowsmobile/archive/2005/11/03/488924.aspx  
  
<bradjoiner@gmail.com> wrote in message  
  
news:1139239087.287098.171130@g14g2000cwa.googlegroups.com...