i am the it admin for a bank and the only way we can roll out active sync is to require client certs for the users. These certs are created from an internal certificate authority and are not a 3rd party cert.
I have configured exchange so that activesync requires a cert and can no longer setup the handhelds.
I have a droid incredible running htc mail and touchdown. I was able to get it working in touchdown but not in htc mail. i also cannot get it working using the stock android mail client.
I want to get this working using htc mail and stock android client but am having a hard time. If i turn off certificates on the web application of the exchange server it works perfectly fine and touchdown works when i turn certs back on so i know things are setup.
I put the client certs on the phone by moving pfx files (which means i am exporting the private key too) and renaming them to p12 for android to read.
I am assuming based on some reading that the issue is that maybe it cant trust the cert authority... so i tried to import that cert to the phone. The only way i can export it is to do it as a cer file, but when i rename it to import into the phone it thinks there is a password when there isnt. I tried a blank password and that does not work either.
I found a tool that lets you upload a cer to a site and then download it... unfortunately this is not working either. I just dont understand how Google (or the hardware manufacturers) didnt make this seamless... just amazes me we have issues like this...
Please help me get this working. I have to get rid of this damn bberry.. i hate it sooo much
I have configured exchange so that activesync requires a cert and can no longer setup the handhelds.
I have a droid incredible running htc mail and touchdown. I was able to get it working in touchdown but not in htc mail. i also cannot get it working using the stock android mail client.
I want to get this working using htc mail and stock android client but am having a hard time. If i turn off certificates on the web application of the exchange server it works perfectly fine and touchdown works when i turn certs back on so i know things are setup.
I put the client certs on the phone by moving pfx files (which means i am exporting the private key too) and renaming them to p12 for android to read.
I am assuming based on some reading that the issue is that maybe it cant trust the cert authority... so i tried to import that cert to the phone. The only way i can export it is to do it as a cer file, but when i rename it to import into the phone it thinks there is a password when there isnt. I tried a blank password and that does not work either.
I found a tool that lets you upload a cer to a site and then download it... unfortunately this is not working either. I just dont understand how Google (or the hardware manufacturers) didnt make this seamless... just amazes me we have issues like this...
Please help me get this working. I have to get rid of this damn bberry.. i hate it sooo much