Geeks With Blogs

News Clicky Web Analytics

web stats View David Caddick (davidcaddick@gmail.com)'s profile on LinkedIn

Search this Site!

Locations of visitors to this page
View My Stats eXTReMe Tracker
This posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed within are my own and should not be attributed to any other Individual, Company or the one I work for. I just happen to be a classic techie who is passionate about getting things to work as they should do (and are sometimes advertised and marketed as being able to?) and when I can I drop notes here to help others falling in to the same traps that I have fallen in to. If this has helped then please pass it on - if you feel that I have commented in error or disagree then please feel free to discuss with me either publically or privately? Cheers, Dave
Thin Clients, VDI and Linux integration from the front lines.... Raw and sometimes unedited notes based on my experiences with VMware, Thin Clients, Linux etc.

I've been sent an email today from Orange because I'm signed up to their Developers site, and it seems they have finally cottoned on to the fact that not everyone has installed Verisign Certificates on their Exchange Servers - so now they have at least explained how to go about getting Root Certificates added to the latest devices (C600, M600, M3000, M5000, etc.) that have a higher level of security applied.

Anyway, head over to OrangePartners for the lowdown on how Orange thinks that you should do it.

Problem:
We recently released new versions of software for some of our Microsoft handsets C600, M3000 and M5000 that enable "push" email from Microsoft Exchange servers.  This email service uses SSL certification which means that the server and the handset must have matching certificates or key pairs so they know they are allowed to communicate with each other.  The handset has a public key and the server has a private key.

SSL certification can be achieved one of two ways. You can either:

 Buy an SSL certificate from a recognised supplier (e.g. VeriSign, Thawte, Equifax) and install it onto the Microsoft Exchange email server (recommended solution).
 Install your own certificate (self created) onto the server and handsets.  

However, installing your own certificate on the handset is not an option without either having a privileged application installed, or having your device unlocked.

The solution?
We will create a privileged application that will install the certificate on the handset for you.

Just create a file called _setup.xml and send it to Orange Partner. The XML should have the following format.

I'd be willing to bet that Orange didn't really count on the sheer volume of requests or the number of people (like me?) who've been keeping track of all of this technology, just waiting for it to finally get to the point where it will "do what it says on the tin"?

I'm currently going through the final steps back in the Office so that we can enable Certificate based Authentication from the handsets to the Exchange Server - Once I've got that working correctly I'll post the *gotcha's* here.

Posted on Tuesday, April 4, 2006 10:05 AM C500/C600 SmartPhone (or replacement) , Exchange and Push Email , IT Management , Real Cool Stuff , Microsoft Tips | Back to top


Comments on this post: Orange finally waking up to how Certificates work in the real world?

# re: Orange finally waking up to how Certificates work in the real world?
Requesting Gravatar...
certificates security orange
Left by Tincaba on Sep 12, 2008 6:53 PM

Your comment:
 (will show your gravatar)


Copyright © Dave Caddick | Powered by: GeeksWithBlogs.net