Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick (davidcaddick@gmail.com)'s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

As it turns out it's possible that the cert wasn't necessary as one of my colleagues (Thanks Alex!) pointed out "just uncheck the SSL box and it should be fine" - and lo and behold it was!!

So although I've now proved it works, I'm still a bit miffed on a few accounts:

  1. Why can't it be using SSL? (I think this is related to point 2?)
  2. We still have the security team at our place insisting that OWA hides behind the FW-1, so everyone who wants/needs access to OWA needs to have an account set up on the FW.....  so to get Outlook Email to the C600 I need to: access OMA from the handset - get it to use the cached credentials to get past the FW - then when OMA is successful, I can then run the ActiveSync to get Outlook email... (go figure?)
  3. Got a rather unsatisfactory reply from Orange Developers regarding the Application Unlocking of the device - more on this later!! (next blog?) 
  4. Orange Developers also appear to be under the assumption that if you have an Equifax Root Cert (listed as Equifax Secure Certificate) on the phone that this will work for all manner of Equifax Server Certs...  And the same applies to any other supplier of Root Certs??? Just for reference ours is a "Equifax Secure Global eBusiness CA-1"
  5. SO THEREFORE I shouldn't need to have the facility to add a Root Cert, acording to them, as the Equifax is already there - They then quoted MS KB841060 and yet this is actually entitled "How to add root certificates to Windows Mobile 2003 Smartphone and to Windows Mobile 2002 Smartphone" and I've already mentioned that I'm using the WM5 C600

Now as far as certs go, I would definitely like to point out that I'm not an expert by any means, but at last count there are 108 Trusted Root Certs on this browser that I'm using.

Of these, there are 20 different Verisign Certs for example and 7 different Thwate Certs, now the easiest way of trying to understand this would appear to be the Thawte model... as it doesn't take rocket science to understand (or even guess) that:

  • Thawte Personal Basic CA
  • Thawte Personal Freemail CA
  • Thawte Personal Premium CA
  • Thawte Premium Server CA
  • Thawte Server CA
  • Thawte Timestamping CA

All of these Certificate Roots are designed to serve different functions, quite possibly have different levels of back end redundancy? AND have a varying cost structure?

As such you would also expect that there is no way that Thawte is going to want you paying a small amount for a Personal Basic CA and then wanting it to verify against the "Premium Server CA" for instance? So it only stands to reason (and logic? ;-) that you are more than likely going to have to check the particular Cert that your company has installed on the Exchange Server and then ensure that you have a valid Root Cert on the device.

So, unless I'm completely larger'd (on Stella ;-) then these Orange Developer chaps have not quite got it right (or even close?), so this poses the question "Do I have to set to and educate these guys? Just so that I can get my phone to work the way I want?"

"Struth Mate" , why does it have to be so hard?

More on the Orange Developers answers regarding Application Unlocking next episode ;-)

Posted on Wednesday, February 1, 2006 8:18 PM C500/C600 SmartPhone (or replacement) , Citrix , Exchange and Push Email , IT Management , Real Cool Stuff , Microsoft Tips , Security | Back to top


Comments on this post: ActiveSync across the wire on the C600 - DONE!! (But interesting reply from Orange Developers)

No comments posted yet.
Your comment:
 (will show your gravatar)


Copyright © Dave Caddick | Powered by: GeeksWithBlogs.net