Windows Mobile SSL Certificates

Size: px
Start display at page:

Download "Windows Mobile SSL Certificates"

Transcription

1 Windows Mobile SSL Certificates Configuring Security Enhanced Communication on Exchange Server 2003 SP2 or 2007 with Windows Mobile Powered Devices White Paper Published: May 2007 For the latest information, please see Abstract This paper describes how trust is established on the Web through Certificate Authorities, how Digital Certificates help establish that trust, and how Secure Sockets Layer (SSL) relies on certificates to function. Windows Mobile powered devices use SSL to enhance communication security. The whitepaper will then refocus on how to setup security enhanced communications between Exchange and mobile devices by obtaining and installing digital certificates. The whitepaper covers both Exchange Server 2003 SP2 and Exchange Server 2007, and includes both Windows Mobile 5.0 and Windows Mobile 6 powered devices.

2 The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property Microsoft Corporation. All rights reserved. The example companies, organizations, products, domain names, addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, address, logo, person, place, or event is intended or should be inferred. Microsoft, Active Sync, Outlook, Windows, Windows Mobile, Windows Server, and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

3 Table of Contents Overview... 4 Secure Certificates and Certificate Authorities... 4 What is SSL?... 4 How does SSL work?... 4 What is a Certificate Authority?... 6 Root, Intermediate and Self-Signed Certificates... 8 Exchange Server 2007 and 2003 Communication with Mobile Clients Installing SSL with Exchange ActiveSync Step 1 - Obtaining and Installing certificates on the Exchange Server Step 2 - Obtaining and Installing Certificates on Windows Mobile devices Summary Appendix A - Examining pre-installed certificate authorities on Windows Mobile Devices Appendix B Exporting Root Certificate Appendix C Root Certificate Installation on Specific Devices and Mobile Operators Appendix D Common Troubleshooting Scenarios... 23

4 Overview Mobile Devices provide an important way to access corporate messaging services such as Microsoft Exchange while the users are on-the-go. Since most of the information that passes through the Exchange Server , calendar, and contacts is sensitive, it is important to secure communications between the mobile clients and the server. This is accomplished through Secure Sockets Layer (SSL) technology. SSL relies on Digital Certificates to encrypt the communications channel between the Exchange Server and the mobile device. In this whitepaper, you will first get an overview on how trust is established on the Web through Certificate Authorities, how Digital Certificates help establish that trust, and how Secure Sockets Layer relies on certificates to function. With that as background, we will then switch gears and look at how to setup security enhanced communications between Exchange and mobile devices by obtaining and installing digital certificates. The whitepaper covers both Exchange Server 2003 SP2 and Exchange Server 2007, and the discussion will include both Windows Mobile 5.0 and Windows Mobile 6 powered devices. Secure Certificates and Certificate Authorities What is SSL? SSL stands for Secure Sockets Layer, and it refers to technology that helps secure communication over the internet. When an internet browser connects to a merchant over SSL, after verifying the merchant s identity, all information sent between the customer and the merchant is encrypted. Encryption scrambles the message into unintelligible form that is only understood by the server; any malicious attacker cannot read it. SSL Technology is the de-facto standard used to provide online banking and other security enhanced communications. Most banks use SSL to protect sensitive communications with their clients; some examples can be found here and here. SSL works by using certificates to generate the encryption. SSL certificates have two roles: 1. To verify the identity of the server to prevent spoofing, or faking the server s identity. In this role, digital certificates are analogous to an identification document or digital signature, as we will see below. 2. Once identity is validated, SSL helps secure communications between two parties by generating a key necessary to encrypt the communication. When communication with a website is secured with SSL, the browser provides some indication that SSL is in place. Most browsers display a closed padlock icon to indicate an active SSL link. Additionally, the website name will show the prefix. How does SSL work? The SSL security process works using a process similar to special type of lock that has two keys. If an open lock is closed using key A, only key B can unlock it. Alternatively, if the lock is locked with key B,

5 only key A unlocks it. One of the keys is called a Public Key, and another Private Key. The public key can be given out to anybody, but the private key is known only to one person. Let s examine the two roles played by SSL Certificates and how this lock models them. 1. Verify Identity of Server. Suppose we have two parties, Bob, a banking customer, and Matilda, an online bank. Bob visits Matilda s bank and wants to check his balance. However, before entering his account password, Bob wants to make sure he is in fact communicating with Matilda s bank. Matilda likewise is afraid that somebody else might spoof her bank and compromise her clients. Matilda can use the private / public key system to prove that she is in fact the online bank (see Figure 1). She will create a message (e.g. a page asking to enter the password), put it into a chest with the special lock, and lock it with her own private key (key B). Anybody who gets access to the chest can open it using Matilda s public key (key A) they know for a fact that Matilda was the sender, since she is the only one that has the private key to lock it. Nobody else can fake a message from Matilda, since spoofing it would require knowing her private key. Bob now knows that he is in fact communicating with Matilda. Open Matilda Closes Lock with Her Private Key Closed Bob Opens Lock With Matilda s Public Key Open Figure 1 Verify Identity 2. Secure Communications. Now, let s say that Bob requests his account balance. In this case, Matilda wants to secure the communications channel, and guarantee that only Bob can read the account balance. Matilda would then put the message into a chest with the special lock, and close it with Bob s public key, which many people have, including Matilda. Now, if somebody intercepts the chest, they cannot open it, since they don t have the private key for the lock. Only Bob has ability to open the lock, since he alone has the private key. The communications channel is thus secured (see Figure 2 below).

6 Open Matilda Closes Lock With Bob s Public Key Closed Bob Opens Lock with His Private Key Open Figure 2 Secure Communications SSL security works very similarly to the special lock described above. When a certificate is created, a public and private key pair is generated. The keys are stored as very long numbers that are difficult to duplicate. One key is given to the entity requesting the certificate (private key), is encrypted and stored locally, and another is published for all to see (public key). Encryption algorithms use those numbers to create an equivalent of the special lock, and thus helping secure communications between people. What is a Certificate Authority? Using public / private key pairs we can validate that only the entity that we are communicating with could have authored the information we receive from them. However, what assurances do we have that if an entity claims to be our bank, that they are in fact our bank? How do we know that the public key actually belongs to our bank? We have two choices: Simply trust their claim. This approach is potentially problematic since a malicious person can provide a public key claiming that they are our bank, and get sensitive information. The communication would be encrypted, but the user is trusting the wrong source. Verify that the key really does belong to the bank. If the key were a signature on a document, we would want the services of a Notary Public or other impartial witness who can verify the identity of the person making the signature. Verification of keys is where Certificate Authorities come into play. A Certificate Authority (CA) is a trusted third party that issues digital certificates. CAs typically verify that the party that requests a digital certificate for a resource does in fact own or manage that resource. In real life, this is analogous to being issued a driver s license. The jurisdiction that issues a license to an individual has procedures in place to validate that person s identity. After the license is issued by a trusted source, the person can use the issued license for identification. The license is backed up by the trust of the local government agency that issued the license, which acts as the Certificate Authority.

7 When a business needs an SSL certificate, it goes to one of the Certificate Authorities, and asks for an SSL certificate to be created. The Certificate Authorities have procedures in place to make sure that the person making the request is in fact a true representative of that company. After this validation process is completed, the certificate is issued. A SSL Certificate can contain the following information: o o o o o o The certificate holder s name Certificate serial number Expiration date after which the certificate is no longer valid Copy of certificate holder s public key Digital signature of the issuing certificate authority Location of CA s Certificate Revocation List (CRL), allows checking if a certificate has been recalled by the Certificate Authority The certificate is signed with CA s private key. Using CA s public key, the business, or their clients, can verify that the certificate really did come from the Certificate Authority, and that no one else could have created the certificate. However, in order for somebody to trust the authority, that person typically needs to know of existence of that authority. Nobody would accept a passport from a country called Contoso, for example, because such a country does not exist. Similarly, in order for a computer entity to trust a specific Certificate Authority, the entity needs to be told that the Certificate Authority is a valid authority. This is done by placing the root certificate (see below) of the CA into trusted root certificate store on the client.

8 Certificate Authority Trust Relationship Because Root CA Installed Trust Relationship Because Root CA Installed CA s Root Cert Client Client Trusts SSL Certificate Because it Trusts CA SSL Certificate, Signed By CA Server CA s Root Cert Figure 1 Establishing Trust using CA as Trusted Third Party To illustrate the concept further, let s examine the example in Figure 3. We have a server and a client that both need to trust each other. That means they both need to recognize the Certificate Authority. That is accomplished by installing CA s Root certificate into both the Client and Server Root Certificate Stores. A Root Certificate Store is special place that holds the CAs that computer knows about and trusts. Placing a certificate into respective root stores of the client and the server establishes two trust relationships one between Client and the CA, and another between the Server and the CA. When the CA issues a certificate, signs it using its private key, and the certificate is installed on the Server, the client can verify that it was in fact signed by the CA using the Root certificate s public key. This way, the client then knows it can trust the claims being made by the certificate. In practice, Windows Server 2003 comes with most common Root CA s pre-installed, so most of the time installing the Root CA on the Server is not necessary. Root, Intermediate and Self-Signed Certificates To stretch our analogy somewhat, in real world we use a chain of trust. The reason we trust a particular state is either because we know it well ourselves, or because somebody else we trust (i.e. the federal government) certifies the state is trustworthy. We therefore trust the local government, because it is

9 certified by the state government, which in turn is certified by the federal government. When accepting a license issued by the local government, we are ultimately relying on the authority of the federal government, since our trust chains back to it. On the web, this is called certificate chaining. The Root CA is like the federal government, and the CAs in the middle are called intermediate Certificate Authorities. They are the CAs in between a server certificate and a trusted Root Certificate Authority, allowing the chain of trust to be established between a certificate and the root CA. Figure 4 below illustrates this. The Exchange Server communicates with the device using its SSL certificate, signed by the Intermediate CA, which is in turn signed by the Root CA. The Root CA is self-signed. The Windows Mobile Device needs to have both the Root Certificate and the Intermediate Certificate installed in order to trust the Exchange certificate, or alternatively needs a way to request the intermediate certificate to make sure it s certified by a Root CA it trusts. ROOT CA Root Cert Chaining Intermediate CA Exchange Server Enrolled Cert Windows Mobile Device Root Cert Figure 2 Certificate Chaining Certificate Authorities issue their own root certificates. Root certificates are a crucial component of trust in the internet. When a user goes to a SSL-secured website (e.g. a shopping cart in an online store) the server sends its certificate. The client deems the server trustworthy if the server certificate chains back to a root certificate that is in the trusted root certificate store of the client s computer. If that is not the case then the user sees the This site is not trusted. Do you want to proceed (yes/no)? dialog. The root certificates are owned by CA vendors like VeriSign, Thawte and Valicert (used by GoDaddy.com).

10 The business model of the CA s is to make money by issuing certificates chained to their root. It is crucial to their business that their roots are present in as many OS platforms as possible. Hence they see OS vendors like Microsoft as valuable partners. As an operating systems vendor Microsoft ensures that only trustworthy root certificates are added to the platform out-of-the-box. The decision making process we follow to determine the list of eligible root certificates is fair, objective and unbiased. Windows has had a root certificate program in place for some time. In addition to businesses that issue certificates, companies can themselves become Certificate Authorities by using special software that allows them to issue certificates, for example, Microsoft Certificate Services. In that case, the company has to provide a root certificate that it itself signs, or a Self-Signed Certificate. This way, the company is asking other entities to trust the certificates that the company issues. However, to make this happen, the self-signed certificate has to be made trusted by adding it to the root certificate stores of the clients that will be communicating with servers using certificates issued by the company. In most cases, self-signed certificates are used for internal company applications rather than public facing applications. Another configuration that some companies use is setting up their own issuing Intermediate Certificate Authorities that are certified by one of the major certificate vendors and thus chain back to them. This allows them to decrease costs while still relying on a well-known CA. Some well known Certificate Authorities have their root certificates included with Windows Mobile 5.0 with Messaging and Security Feature Pack (MSFP) and Windows Mobile 6 Operating Systems and are thus supported out-of-the-box (See Table below). Therefore, the mobile devices running those operating systems will automatically trust digital certificates signed by those providers. Exchange Server 2007 and 2003 Communication with Mobile Clients Exchange 2003 Front-End Servers and the equivalent Client Access Servers in Exchange 2007 use Internet Information Server (IIS) for communicating with the clients over HTTPS (port 443). In order to make this communication more secure, the IIS server must have a valid SSL certificate. All Exchange services reside on the same IIS site, and thus can use the same certificate. If the IIS site already uses a certificate for one of the other Exchange services, the certificate can also be reused for Exchange ActiveSync. There are four services that can be secured over SSL, and each is accessible through a different URL (virtual directory) on the Exchange server: 1. Exchange ActiveSync (/Microsoft-Server-ActiveSync virtual directory in IIS) the primary protocol for connecting mobile devices to Exchange; it supports Direct Push. Allows the Outlook client on a mobile device to connect to Exchange over the air, or through Desktop ActiveSync connection.

11 2. Outlook Mobile Access (/OMA virtual directory in IIS) allows for mobile devices to access the exchange information through a browser. Similar to Outlook Web Access, but for mobile devices. Outlook Mobile Access is no longer available in Exchange Server Outlook Web Access (/Exchange virtual directory in IIS) allows users to get access to their and other information through a web browser. 4. RPC over HTTPS (/RPC virtual directory in IIS) allows Outlook clients to connect to Exchange from anywhere on the internet. Exchange ActiveSync is the primary communication technology with mobile clients in both versions of Exchange. In order for the communications to work, the mobile device needs to be able to trust the certificates found on the server. This trust between the mobile device and Exchange server is established through the mobile client recognizing the Certificate Authority that signed the Exchange Server s certificate. If the certificate used by the server is issued by a Certificate Authority that is included with Windows Mobile, the device will trust it. However, if the certificate is from another Certificate Authority, or is self-signed (meaning that the company is acting as its own Root Certificate Authority), then the device needs to add that the certificate of the CA into its trusted root store (see instructions below). Wildcard certificates allow issuing a certificate on domain level, meaning the same certificate can be used for both mail.yourdomain.com and Windows Mobile 5.0 devices do not support wildcard certificates, so in deployments using Windows Mobile Devices 5.0 with multiple frontend Exchange servers, separate SSL certificates need to be obtained for each server if you are planning to use Windows Mobile 5.0 devices. Windows Mobile 6 supports wildcard certificates, so the same wildcard certificate can be used on multiple front-end servers. Note: While non-security enabled communication is possible using HTTP (port 80), Microsoft strongly recommends using SSL for secure communication between mobile devices and Exchange Server. Installing SSL with Exchange ActiveSync In order to get SSL working, there are two general steps: 1. Obtain and install all necessary certificates on the Exchange Server 2. Install any necessary root certificates on Windows Mobile Devices. (Optional only needed if one of the out-of-the-box Certificate Authorities is NOT used to obtain certificate in step 1). Step 1 - Obtaining and Installing certificates on the Exchange Server

12 Step 1A Selecting a Certificate Authority There are many options for certificate authorities. Their service fees can range from less than thirty to a few thousand dollars per year, depending on level of service you require. Windows Mobile devices include a number of trusted Certificate Authority root certificates out-of-the-box (see Table 1). The included CA s root certificates are pre-installed into the root certificate store on the devices, and thus trust certificates signed by those CAs. You may want to consider obtaining a new certificate from one of the CAs in the table below as that will eliminate the need to install a new root certificate on each device. Table 1 Root certificates pre-installed on a Windows Mobile 5.0 and 6-based devices Windows Mobile 5.0 X Windows Mobile 6 X Class 2 Public Primary Certificate Authority (VeriSign, Inc.) Class 3 Public Primary Certificate Authority X X (VeriSign, Inc.) Entrust.net Certificate Authority (2048) X X Entrust.net Secure Server Certificate Authority X X Equifax Secure Certificate Authority X X GlobalSign Root CA X X GTE CyberTrust Global Root X X GTE CyberTrust Root X Secure Server Certificate Authority (RSA) X X Thawte Premium Server CA X X Thawte Server CA X X (used by GoDaddy.com) X * X Starfield Class 2 Certificate Authority Go Daddy Class 2 Certificate Authority GeoTrust Global CA Baltimore CyberTrust Root AddTrust External CA Root AAA Certificate Services X X X X X X *Windows Mobile 5.0 with Messaging and Security Feature Pack (MSFP). Note: Some device manufacturers may add or remove the provided certificates for particular Windows Mobile installations. See Appendix A for instructions on how to check the out-of-the-box certificates provided by your manufacturer.

13 If you are already using a SSL certificate on your front-end Exchange 2003 Server (Client Access Server in 2007), you can reuse the certificate for Exchange ActiveSync. As explained above, if the certificate you are using has been issued by one of the out-of-the-box CAs, your mobile devices already trust the Certificate Authority that signed the certificate. You don t need to install any additional certificates on your mobile devices and should now be able to test Exchange ActiveSync connectivity and can skip the following steps. If you are not using one of the out-of-the-box providers, and the number of devices that you are managing is large, you may want to consider obtaining a new certificate from one of the CAs on the list as that will eliminate the need to touch each device. Windows Mobile 5.0 and 6 support any certificate authority provided its root certificate is installed on the mobile device. However, some device manufacturers or mobile operators restrict the ability to add root certificates to Windows Mobile devices in order to provide an additional layer of security. Adding root certificates may require a special application. The application runs using the manager role, which allows writing to the registry and other restricted operations. For the devices that do restrict ability to install new certificates, a tool signed by the device manufacturer or mobile operator is required. Some manufacturers do not allow installing root certificates at all in that case only out-of-the-box CAs are trusted by the devices. If you decide to use a CA not supported out-of-the-box, check that the devices you are planning to use allow installing root certificates. Please see Appendix C for more information. Step 1B - Certificate Enrollment Once you select your Certificate Authority, you will need to enroll for a certificate. Enrolling means that you will submit a request from your web server to a CA to get approved and signed, so a SSL certificate can be issued. This request will include the server name you are planning to use, and a public key. The enrollment process associates your public key with a digital certificate that will allow users to validate your identity. This is similar to providing your address to a motor vehicles agency; you are making claims about where you live, which will later be verified before an identification document is issued. The enrollment process starts with generating a request from your web server (step 1 in Figure 5), which will include its identifying information. The IIS server will generate a file, called a Certificate Signing Request (CSR) that will be used when obtaining the SSL certificate from CA. When the CSR is generated, the server creates a pair of private-public keys, and stores the private key on the server. The CSR includes the public key. When it is submitted to the Certificate Authority, the CA uses the CSR to generate the SSL certificate, and signs the certificate with the CA s own private key. The Certificate Authority is responsible for validating the request and issuing a certificate. As part of the validation process, the CA may request supporting documentation to prove that you are authorized to make requests on behalf of your company and your domain name (Step 2 in Figure 5).

14 2. CA Performs Verification, Enrolls Certificate 1. Server Generates CSR Certificate Authority 3. Install Enrolled Certificate on Server 4. CA Root Certificate Installed on Device Server, has CA s Root Certificate Client Figure 3 Enrollment Process and Establishing Trust on Mobile Device For instructions on how to create the Certificate Request in IIS, please see the section Obtaining and Installing a Server Certificate in the Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2. This procedure is the same for both Exchange Server 2003 or 2007 version. The link above uses Microsoft Certification Service to obtain a SSL certificate, but other Certificate Authorities use a similar process. Note: The name that you use to register your server under MUST match the server name that the clients will use, so remember to register a Fully Qualified Domain Name (i.e. mail.contoso.com). Step 1C - Installing SSL Certificate on the Exchange server After validating the certificate request, the Certificate Authority will issue the digital certificate as a file. You will need to import that file into the IIS Web Site that Exchange runs under. This will connect the newly issued certificate to the private key that was generated by IIS when CSR was created (Step 3 in Figure 5). For instructions on how to install the certificate on Exchange 2003 front-end server or Exchange 2007 Client Access Server, please see the section To install the certificate in the Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2.

15 Note: If your certificate provider uses an intermediate CA, you will need to install the intermediate CA s certificate on the Exchange Server to allow for certificate chaining. For instructions for installing intermediate certificates please see appendix D. From the out-of-the-box CAs, GoDaddy.com requires intermediate CAs. Step 2 - Obtaining and Installing Certificates on Windows Mobile devices Windows Mobile will work with any Certificate Authority, both public and privately self-signed. If you used a SSL certificate issued by the Certificate Authority supported out-of-the-box by the OS, you do not need to perform this step, as your device should already trust the CA that issued Exchange Server s digital certificate. However, if your SSL certificate is not from one of the providers supported out-of-thebox, you will need to deploy the root certificate of your CA on each of the Windows Mobile devices you are planning to use with Exchange ActiveSync. This process will make each device trust the Certificate Authority that issued your certificate, and thus trust their certificates. Step 2A - Export the Certificate from the Exchange Server First, you need to export the root certificate corresponding to the Certificate Authority you used. Please see Appendix B for detailed instructions. You will obtain a.cer file, which contains the digital certificate and the public key of the Certificate Authority. This relates to the discussion about private and public keys above. In order to ascertain that a certificate was issued (signed) by a CA, we need to be able to decrypt a message encrypted with CA s private key. We can do that using CA s public key. The.CER file contains that public key we are about to distribute that public key to our mobile devices. Step 2B Adding a Root CA to a Windows Mobile 5.0 or Windows Mobile 6 devices Now that you have the certificate file, you need to install it on each device (Step 4 in Figure 5). The.CER file is safe to around to give to your users. 1. Copy.CER file to the Windows Mobile device. The certificate files can be delivered to the device via Desktop ActiveSync, removable storage card, or Mobile Internet Explorer file download. Windows Mobile 6 Professional devices also allow download from a file share. The File Explorer can connect to the file share and copy the certificate to your device. 2. On the Windows Mobile device, Open File Explorer 3. Locate the.cer file and open it 4. If you are prompted that you are about to install a certificate, select Yes to continue At this point, you should be able synchronize your Windows Mobile devices with Exchange ActiveSync. Note: For Windows Mobile 5.0 PocketPC Devices: If you receive the alert Security permission was insufficient to update your device., please contact your device manufacturer. Note: For Windows Mobile 5.0 Smartphone Devices: If you receive the alert Security permission was insufficient to update your device., you will need to follow additional steps to install the root certificate on your device, if your device supports it. Please see appendix C for additional instructions.

16 Note: For Windows Mobile 5.0 devices - If you or your certificate vendor are using an Intermediate CA, please follow this link for instructions on how to install the Intermediate CAs. Windows Mobile 6 supports Intermediate certificate out of the box, so the procedure for installing them is the same as for root certificates. For more information please see How to Install root certificates on a Windows Mobile-based device. Summary This whitepaper examined the fundamental concepts underlying all of digital security protocols. You learned how digital certificates and SSL are used to validate identity and secure communication channel. The text discussed the role of trust and how trust is established between Exchange Server and Mobile Devices through the use of trusted third parties (Certificate Authorities). Installing SSL certificates and establishing trust between the mobile devices, the Exchange Server and Certificate Authority is an important step in making the connection more secure. You should now have the background you need to enable your mobile users to use corporate messaging services.

17 Appendix A - Examining pre-installed certificate authorities on Windows Mobile Devices. To find out which certificates are pre-installed on your mobile device, follow these steps: 1. On your mobile device, go to Start Menu -> Settings. 2. Select System tab, and Click on Certificates. 3. Click Root tab, and browse through the root certificates installed on your device. You can also examine any intermediate certificates by clicking the Intermediate Tab (Windows Mobile 6 only).

18 4. To view more details about a certificate, click on the certificate in the list.

19 Appendix B Exporting Root Certificate To export the Root Certificate, follow the following procedure on the front-end Exchange 2003 server or Exchange 2007 Client Access Server. You need to open Certificate Manager, a program that allows you to view and manage certificates installed on your computer. Follow the instructions below to add Certificate Manager to Microsoft Management Console : 1. Click Start, click Run, type mmc, and then click OK. 2. In the File menu, click Add/Remove Snap-in. 3. In the Add/Remove Snap-in box, click Add. 4. In the Available Standalone Snap-ins list, click Certificates, and then click Add.

20 5. Click Computer Account, and then click Next. 6. Click the Local computer (the computer this console is running on) option, and then click Finish. 7. Click Close, and then click OK. To export a certificate 8. Open the Certificates (Local Computer) folder, then Trusted Root Certificate Authorities folder, then select Certificates.

21 9. In the results pane, find the root certificate of your Certificate Authority and right-click it. Click All Task, and then select Export. The Certificate Export Wizard will open. 10. On the Welcome page, click Next. 11. On the Export File Format page, select DER encoded binary X.509 (.CER), and then click Next. 12. On the File to Export page, enter the path and file name where you want to save the exported certificate, and then click Next.

22 13. On the Finish page, verify the settings and then click Finish. Appendix C Root Certificate Installation on Specific Devices and Mobile Operators If your provider or device is not listed here, and you are having problems installing root certificates on your device, please contact your mobile operator for instructions on how to install root certificates on your device. Check the latest status on root certificate installation with your operator as it may change. 1. Sprint Download the correct utility for your type of phone the links are provided in the knowledge base article below Verizon Wireless Microsoft has worked with Verizon Wireless to create a signed version of the SPAddCert.exe utility to run on VerizonWireless Windows Mobile Smartphones. To download the VZW_SPAddCert.exe file, visit the following Microsoft Web site: 442AED8F47AE&displaylang=en 3. Motorola Q with Verizon Wireless FIMuuti&p_lva=&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PSZwX2dyaWRzb3J0PSZwX3Jvd19jbnQ9Mz AyJnBfcHJvZHM9MjMsODg4JnBfY2F0cz0mcF9wdj0yLjg4OCZwX2N2PSZwX3BhZ2U9MQ**&p_li= &p_topview=1 4. Telus 5. imate SP5 series of phones

23 Appendix D Common Troubleshooting Scenarios Issue No certificate on Front-end Server This happens if you try to use Exchange ActiveSync security enhanced communications without installing the SSL certificate on the IIS website of the front-end server. Alternatively, if the IIS server has multiple websites installed, make sure you installed the certificate on the web site that is servicing Exchange. Issue Non-trusted Certificate Authority Windows Mobile ships with many of the popular certificate authorities trusted by default, see Table 1 above. However, if your server certificate was obtained from a Certificate Authority that is not trusted, you will need to add that CA to the trusted CA s on the device or you may want to consider obtaining a new certificate from one of the trusted sources. Option 1 Add the CA to the list of trusted root CA s on the Windows Mobile device. above. See instructions Option 2 Obtain a new server certificate from one of the trusted CA s. See instructions in section Step 1 - Obtaining and Installing Certificates on the Exchange Server. Issue - Mismatched Server Names In addition to securing the channel, the mobile device also ensures that they are connecting to the proper Exchange Server (i.e. avoiding spoofing) by comparing the server name that is configured on the device in the ActiveSync setup (i.e. mail.company.com) with the server name to which the certificate was issued. If the two of these do not match, the device will give a certificate error. For example, a Windows Mobile device connects to mail.company.com, but the certificate on the Front-end Server was registered under the name fe1.company.com. NOTE: Windows Mobile 5.0 does not support wildcard certificates, so again, the name must match. Windows Mobile 6 does support wildcard certificates, so if the certificate is issued to *.company.com, mail.company.com should work. Resolution: Option 1: Device side change On the device you can change the name of the server to match the name on the certificate. In the example above, you would change the server name on the client to fe1.company.com from mail.company.com. At this point the name the device is connecting to match the name on the certificate so all is well and connection is made. Option 2: Server-side change - Reissue the certificate using the name you want your devices to connect to. This will involve more work and possibly additional cost depending upon how you have obtained the certificate. This is done when the name on the certificate is either incomplete (i.e. it isn t a Fully Qualified Domain Name) and therefore inaccessible from the Internet or when the name of the server is not user friendly (i.e. BobtheFrontendServer company.com). Once this change is made, no changes would be needed on the device and the connection will be made.

24 Issue Certificate chaining Windows Mobile 5.0 does not support Certificate chaining. It is possible that there is an intermediate CA involved. For example, Go Daddy requires an intermediate certificate to be installed on the Frontend Server. Windows Mobile 6 does support certificate chaining and intermediate certificates. Installing Intermediate Certificate on the IIS Server Once you have downloaded the intermediate certificate, please follow the instructions below to install it: 1. Follow instructions 1 through 7 from Appendix B to open the Certificate Manager application. 2. If necessary, click the "+" icon to expand the "Certificates" folder so that the Intermediate Certificate Authorities folder is visible. 3. Right-click on "Intermediate Certificate Authorities" and choose "All Tasks"; then click "Import." 4. Follow the wizard prompts to complete the installation procedure. Additional Troubleshooting Resources: Windows Mobile Sync Error Code Exchange ActiveSync / OMA Troubleshooting Exchange ActiveSync Errors and Solutions

BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server

BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server Contents Page 1 Introduction 3 2 Skill Level 3 3 Requirements 4 4 Enabling Outlook Email on the Mobile Device 5

More information

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson How to Install Microsoft Mobile Information Server 2002 Server ActiveSync Joey Masterson How to Install Microsoft Mobile Information Server 2002 Server ActiveSync Joey Masterson Copyright Information

More information

Pipeliner CRM Phaenomena Guide Add-In for MS Outlook. 2015 Pipelinersales Inc. www.pipelinersales.com

Pipeliner CRM Phaenomena Guide Add-In for MS Outlook. 2015 Pipelinersales Inc. www.pipelinersales.com Add-In for MS Outlook 205 Pipelinersales Inc. www.pipelinersales.com Add-In for MS Outlook Learn how to use sales lead management with Pipeliner MS Outlook Add-In. CONTENT. Setting up Pipeliner Add-In

More information

Setting Up SSL on IIS6 for MEGA Advisor

Setting Up SSL on IIS6 for MEGA Advisor Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority

More information

Secure IIS Web Server with SSL

Secure IIS Web Server with SSL Secure IIS Web Server with SSL EventTracker v7.x Publication Date: Sep 30, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is to help

More information

Deploying Remote Desktop IP Virtualization Step-by-Step Guide

Deploying Remote Desktop IP Virtualization Step-by-Step Guide Deploying Remote Desktop IP Virtualization Step-by-Step Guide Microsoft Corporation Updated: April 2010 Published: July 2009 Abstract Remote Desktop IP Virtualization provides administrators the ability

More information

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) 12/15/2012 WALISYSTEMSINC.COM SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) Setup SSL in SharePoint 2013 In the last article (link below), you learned how to setup SSL in SharePoint 2013

More information

SolarWinds Technical Reference

SolarWinds Technical Reference SolarWinds Technical Reference Using SSL Certificates in Web Help Desk Introduction... 1 How WHD Uses SSL... 1 Setting WHD to use HTTPS... 1 Enabling HTTPS and Initializing the Java Keystore... 1 Keys

More information

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide c623242f-20f0-40fe-b5c1-8412a094fdc7 Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide Microsoft Corporation Published: June 2009 Updated: April 2010 Abstract

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

TS Gateway Step-By-Step Guide

TS Gateway Step-By-Step Guide TS Gateway Step-By-Step Guide Microsoft Corporation Published: December 2007 Modified: July 2008 Abstract Terminal Services Gateway (TS Gateway) is a new role service available to users of the Microsoft

More information

CA NetQoS Performance Center

CA NetQoS Performance Center CA NetQoS Performance Center Install and Configure SSL for Windows Server 2008 Release 6.1 (and service packs) This Documentation, which includes embedded help systems and electronically distributed materials,

More information

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

Getting Started. Install the Omni Mobile Client

Getting Started. Install the Omni Mobile Client Getting Started This Quick Start Guide is for Windows Mobile Smart Phones (no touch-screen support) devices. There is a separate Quick Start Guide for Pocket PC and Windows Mobile touch-screen PDA and

More information

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal 1.1.3 On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected (

How To Enable A Websphere To Communicate With Ssl On An Ipad From Aaya One X Portal 1.1.3 On A Pc Or Macbook Or Ipad (For Acedo) On A Network With A Password Protected ( Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background Xerox Multifunction Devices Customer Tips June 5, 2007 This document applies to these Xerox products: X WC Pro 232/238/245/ 255/265/275 for the user Xerox Network Scanning HTTP/HTTPS Configuration using

More information

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Securing HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Requesting and Applying an SSL Certificate to secure communication ion from Clearwell E-Discovery to Enterprise

More information

Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by- Step Guide

Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by- Step Guide Deploying Remote Desktop Web Access with Remote Desktop Connection Broker Step-by- Step Guide Microsoft Corporation Updated: April 2010 Published: May 2009 Abstract RemoteApp and Desktop Connection provides

More information

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Stepby-Step

Customizing Remote Desktop Web Access by Using Windows SharePoint Services Stepby-Step Customizing Remote Desktop Web Access by Using Windows SharePoint Services Stepby-Step Guide Microsoft Corporation Published: July 2009 Updated: September 2009 Abstract Remote Desktop Web Access (RD Web

More information

Symantec Managed PKI. Integration Guide for ActiveSync

Symantec Managed PKI. Integration Guide for ActiveSync Symantec Managed PKI Integration Guide for ActiveSync ii Symantec Managed PKI Integration Guide for ActiveSync The software described in this book is furnished under a license agreement and may be used

More information

Encrypting Your Email Using the free COMODO Secure Email Certificate

Encrypting Your Email Using the free COMODO Secure Email Certificate Encrypting Your Email Using the free COMODO Secure Email Certificate These instructions will guide you through the process of getting a free Secure Email Certificate Issued by COMODO. This document will

More information

Wavecrest Certificate

Wavecrest Certificate Wavecrest InstallationGuide Wavecrest Certificate www.wavecrest.net Copyright Copyright 1996-2015, Wavecrest Computing, Inc. All rights reserved. Use of this product and this manual is subject to license.

More information

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0 Microsoft Dynamics GP Workflow Installation Guide Release 10.0 Copyright Copyright 2008 Microsoft Corporation. All rights reserved. Complying with all applicable copyright laws is the responsibility of

More information

File and Printer Sharing with Microsoft Windows

File and Printer Sharing with Microsoft Windows Operating System File and Printer Sharing with Microsoft Windows Microsoft Corporation Published: November 2003 Abstract File and printer sharing in Microsoft Windows allows you to share the contents of

More information

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group

Using Self Certified SSL Certificates. Paul Fisher. Quest Software. Systems Consultant. Desktop Virtualisation Group Using Self Certified SSL Certificates Paul Fisher Systems Consultant paul.fisher@quest.com Quest Software Desktop Virtualisation Group Quest Software (UK) Limited Ascot House Maidenhead Office Park Westacott

More information

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide MicrosoftDynam ics GP 2015 TenantServices Installation and Adm inistration Guide Copyright Copyright 2014 Microsoft Corporation. All rights reserved. Limitation of liability This document is provided as-is.

More information

Installation and Configuration Guide

Installation and Configuration Guide Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark

More information

Pipeliner CRM Phaenomena Guide Sales Pipeline Management. 2015 Pipelinersales Inc. www.pipelinersales.com

Pipeliner CRM Phaenomena Guide Sales Pipeline Management. 2015 Pipelinersales Inc. www.pipelinersales.com Sales Pipeline Management 2015 Pipelinersales Inc. www.pipelinersales.com Sales Pipeline Management Learn how to manage sales opportunities with Pipeliner Sales CRM Application. CONTENT 1. Configuring

More information

Installation Guide. SafeNet Authentication Service

Installation Guide. SafeNet Authentication Service SafeNet Authentication Service Installation Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Technical Brief for Windows Home Server Remote Access

Technical Brief for Windows Home Server Remote Access Technical Brief for Windows Home Server Remote Access Microsoft Corporation Published: October, 2008 Version: 1.1 Abstract This Technical Brief provides an in-depth look at the features and functionality

More information

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate Copyright. All rights reserved. Trustis Limited Building 273 New Greenham Park Greenham Common Thatcham

More information

Step-by-Step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile Messaging with Windows Mobile 5.0-based Devices

Step-by-Step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile Messaging with Windows Mobile 5.0-based Devices Step-by-Step Guide to Deploying Microsoft Exchange Server 2003 SP2 Mobile Messaging with Windows Mobile 5.0-based Devices March, 2006 Applies to: Exchange Server 2003 SP2 and Windows 5.0-based Devices

More information

Step By Step Guide: Demonstrate DirectAccess in a Test Lab

Step By Step Guide: Demonstrate DirectAccess in a Test Lab Step By Step Guide: Demonstrate DirectAccess in a Test Lab Microsoft Corporation Published: May 2009 Updated: October 2009 Abstract DirectAccess is a new feature in the Windows 7 and Windows Server 2008

More information

Troubleshooting File and Printer Sharing in Microsoft Windows XP

Troubleshooting File and Printer Sharing in Microsoft Windows XP Operating System Troubleshooting File and Printer Sharing in Microsoft Windows XP Microsoft Corporation Published: November 2003 Updated: August 2004 Abstract File and printer sharing for Microsoft Windows

More information

Hands-On Lab: WSUS. Lab Manual Expediting WSUS Service for XP Embedded OS

Hands-On Lab: WSUS. Lab Manual Expediting WSUS Service for XP Embedded OS Lab Manual Expediting WSUS Service for XP Embedded OS Summary In this lab, you will learn how to deploy the security update to your XP Pro or XP embedded images. You will also learn how to prepare the

More information

The 2007 R2 Version of Microsoft Office Communicator Mobile for Windows Mobile: Frequently Asked Questions

The 2007 R2 Version of Microsoft Office Communicator Mobile for Windows Mobile: Frequently Asked Questions The 2007 R2 Version of Microsoft Office Communicator Mobile for Windows Mobile: Frequently Asked Questions Published: December 2008 Information in this document, including URL and other Internet Web site

More information

WS_FTP Pro. Addendum to User s Guide. Software Version 6.6. Ipswitch, Inc.

WS_FTP Pro. Addendum to User s Guide. Software Version 6.6. Ipswitch, Inc. WS_FTP Pro Addendum to User s Guide Software Version 6.6 Ipswitch, Inc. Ipswitch, Inc. Phone: 781-676-5700 81 Hartwell Ave Fax: 781-676-5710 Lexington, MA 02421-3127 Web: http://www.ipswitch.com The information

More information

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Microsoft Corporation Published: January 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step

More information

Technical Certificates Overview

Technical Certificates Overview Technical Certificates Overview Version 8.2 Mobile Service Manager Legal Notice This document, as well as all accompanying documents for this product, is published by Good Technology Corporation ( Good

More information

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.

More information

Websense Content Gateway HTTPS Configuration

Websense Content Gateway HTTPS Configuration Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco

More information

AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3

AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3 Contents AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3 Microsoft Federation Gateway Support Overview... 4 Deploying and Configuring Microsoft

More information

Setting Up Email on Your Palm. Treo 700wx Smartphone

Setting Up Email on Your Palm. Treo 700wx Smartphone Setting Up Email on Your Palm Treo 700wx Smartphone Intellectual property notices 2006 Palm, Inc. All rights reserved. Trademark, copyright, patent, and other intellectual property notices are set forth

More information

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications

By Jan De Clercq. Understanding. and Leveraging SSL-TLS. for Secure Communications By Jan De Clercq Understanding and Leveraging SSL-TLS for Secure Communications ii Contents Chapter 2: Leveraging SSL/TLS for Secure Web Communications....... 21 Setting Up SSL/TLS on a Web Server..................................

More information

Djigzo S/MIME setup guide

Djigzo S/MIME setup guide Author: Martijn Brinkers Table of Contents...1 Introduction...3 Quick setup...4 Create a CA...4 Fill in the form:...5 Add certificates for internal users...5 Add certificates for external recipients...7

More information

Windows Server Update Services 3.0 SP2 Step By Step Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server

More information

Integrated SSL Scanning

Integrated SSL Scanning Software Version 9.0 Copyright Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included in this publication are the exclusive

More information

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Microsoft Corporation Published: October 2006 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide

More information

Integrated SSL Scanning

Integrated SSL Scanning Version 9.2 SSL Enhancements Copyright 1996-2008. Finjan Software Inc. and its affiliates and subsidiaries ( Finjan ). All rights reserved. All text and figures included in this publication are the exclusive

More information

Pipeliner CRM Phaenomena Guide Getting Started with Pipeliner. 2015 Pipelinersales Inc. www.pipelinersales.com

Pipeliner CRM Phaenomena Guide Getting Started with Pipeliner. 2015 Pipelinersales Inc. www.pipelinersales.com Getting Started with Pipeliner 05 Pipelinersales Inc. www.pipelinersales.com Getting Started with Pipeliner Learn How to Get Started with Pipeliner Sales CRM Application. CONTENT. Setting up Pipeliner

More information

How to Configure a Secure Connection to Microsoft SQL Server

How to Configure a Secure Connection to Microsoft SQL Server How to Configure a Secure Connection to Microsoft SQL Server 1993-2015 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying,

More information

MadCap Software. Upgrading Guide. Pulse

MadCap Software. Upgrading Guide. Pulse MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished

More information

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For Deployment Guide Deployment Guide VeriSign Certificate Authority Citrix NetScaler SSL Deployment Guide Notice: The information in this publication is subject to change without notice. THIS PUBLICATION

More information

etoken Enterprise For: SSL SSL with etoken

etoken Enterprise For: SSL SSL with etoken etoken Enterprise For: SSL SSL with etoken System Requirements Windows 2000 Internet Explorer 5.0 and above Netscape 4.6 and above etoken R2 or Pro key Install etoken RTE Certificates from: (click on the

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006

Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006 Certificate Request Generation and Certificate Installation Instructions for IIS 5 April 14, 2006 1 1. Generating the Certificate Request In this procedure, you will use the Internet Information Services

More information

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create

More information

AD RMS Step-by-Step Guide

AD RMS Step-by-Step Guide AD RMS Step-by-Step Guide Microsoft Corporation Published: March 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide provides instructions for setting up a test environment to

More information

Generating a Certificate Signing Request (CSR) from LoadMaster

Generating a Certificate Signing Request (CSR) from LoadMaster SSL Guide From MyKemp Wiki The world of Secure Sockets Layer (SSL) certificates can be a bit confusing, so this document was assembled to help guide users of LoadMasters through the various processes involving

More information

CA Nimsoft Unified Management Portal

CA Nimsoft Unified Management Portal CA Nimsoft Unified Management Portal HTTPS Implementation Guide 7.6 Document Revision History Document Version Date Changes 1.0 June 2014 Initial version for UMP 7.6. CA Nimsoft Monitor Copyright Notice

More information

All other trademarks are property of their respective owners.

All other trademarks are property of their respective owners. Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Generating an Apple Push Notification Service Certificate

Generating an Apple Push Notification Service Certificate www.novell.com/documentation Generating an Apple Push Notification Service Certificate ZENworks Mobile Management 2.6.x January 2013 Legal Notices Novell, Inc., makes no representations or warranties with

More information

Mobility Manager 9.0. Installation Guide

Mobility Manager 9.0. Installation Guide Mobility Manager 9.0 Installation Guide LANDESK MOBILITY MANAGER Copyright 2002-2012, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or

More information

BASIC CLASSWEB.LINK INSTALLATION MANUAL

BASIC CLASSWEB.LINK INSTALLATION MANUAL LINKS MODULAR SOLUTIONS BASIC CLASSWEB.LINK INSTALLATION MANUAL classweb.link installation Links Modular Solutions Pty Ltd Table of Contents 1. SYSTEM REQUIREMENTS 3 2. DATABASES 3 Standalone Links Database

More information

Technical Brief ActiveSync Configuration for WatchGuard SSL 100

Technical Brief ActiveSync Configuration for WatchGuard SSL 100 Introduction Technical Brief ActiveSync Configuration for WatchGuard SSL 100 October 2009 With ActiveSync, users get push functionality to keep email, calendar, tasks, and contacts up to date on a mobile

More information

DIGIPASS CertiID. Getting Started 3.1.0

DIGIPASS CertiID. Getting Started 3.1.0 DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express

More information

Shavlik Patch for Microsoft System Center

Shavlik Patch for Microsoft System Center Shavlik Patch for Microsoft System Center User s Guide For use with Microsoft System Center Configuration Manager 2012 Copyright and Trademarks Copyright Copyright 2014 Shavlik. All rights reserved. This

More information

Using RPC over HTTP with Exchange Server 2003 SP1

Using RPC over HTTP with Exchange Server 2003 SP1 Using RPC over HTTP with Exchange Server 2003 SP1 Author: Bill Boswell Bill Boswell Consulting, Inc. www.billboswellconsulting.com bill@billboswellconsulting.com RCP over HTTP has a lot of moving parts

More information

Managing Multi-Hypervisor Environments with vcenter Server

Managing Multi-Hypervisor Environments with vcenter Server Managing Multi-Hypervisor Environments with vcenter Server vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.0 This document supports the version of each product listed and supports all subsequent

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Exchange 2010 PKI Configuration Guide

Exchange 2010 PKI Configuration Guide Exchange 2010 PKI Configuration Guide Overview 1. Summary 2. Environment 3. Configuration a) Active Directory Configuration b) CA Configuration c) Exchange Server IIS Configuration d) Exchange Configuration

More information

Management Reporter Integration Guide for Microsoft Dynamics GP

Management Reporter Integration Guide for Microsoft Dynamics GP Microsoft Dynamics Management Reporter Integration Guide for Microsoft Dynamics GP July 2013 Find updates to this documentation at the following location: http://go.microsoft.com/fwlink/?linkid=162565

More information

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013

www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this

More information

Certificate Management

Certificate Management www.novell.com/documentation Certificate Management ZENworks Mobile Management 3.1.x August 2015 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide

Configuration (X87) SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English. Building Block Configuration Guide SAP Mobile Secure: SAP Afaria 7 SP5 September 2014 English Afaria Network Configuration (X87) Building Block Configuration Guide SAP SE Dietmar-Hopp-Allee 16 69190 Walldorf Germany Copyright 2014 SAP SE

More information

How To Take Advantage Of Active Directory Support In Groupwise 2014

How To Take Advantage Of Active Directory Support In Groupwise 2014 White Paper Collaboration Taking Advantage of Active Directory Support in GroupWise 2014 Flexibility and interoperability have always been hallmarks for Novell. That s why it should be no surprise that

More information

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release 12.0.87.01.0 [August] [2014]

SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release 12.0.87.01.0 [August] [2014] SSL Configuration on Weblogic Oracle FLEXCUBE Universal Banking Release 12.0.87.01.0 [August] [2014] Table of Contents 1. CONFIGURING SSL ON ORACLE WEBLOGIC... 1-1 1.1 INTRODUCTION... 1-1 1.2 SETTING UP

More information

How to Install SSL Certificates on Microsoft Servers

How to Install SSL Certificates on Microsoft Servers How to Install SSL Certificates on Microsoft Servers Ch apter 3: Using SSL Certificates in Microsoft Internet Information Server... 36 Ins talling SSL Certificates in IIS with IIS Manager... 37 Requesting

More information

Intel vpro Technology. How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration

Intel vpro Technology. How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration Intel vpro Technology How To Purchase and Install Symantec* Certificates for Intel AMT Remote Setup and Configuration Document Release Date: September 14, 2012 Revision History Revision Revision History

More information

Extracting an S/MIME certificate from a digital signature

Extracting an S/MIME certificate from a digital signature Extracting an S/MIME certificate from a digital signature Instructions for Microsoft Outlook 2007 and 2010 Document User_Instruction_Outlook_Certificate_Handling Status Final Date: 03.06.2012 Version:

More information

RSA envision Windows Eventing Collector Service Deployment Overview Guide

RSA envision Windows Eventing Collector Service Deployment Overview Guide RSA envision Windows Eventing Collector Service Deployment Overview Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011

Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011 Managing the SSL Certificate for the ESRS HTTPS Listener Service Technical Notes P/N 300-011-843 REV A01 January 14, 2011 This document contains information on these topics: Introduction... 2 Terminology...

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

Implementing Secure Sockets Layer on iseries

Implementing Secure Sockets Layer on iseries Implementing Secure Sockets Layer on iseries Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts Digital Certificate Manager Local Certificate Authority Server Certificates

More information

HTTP Server Setup for McAfee Endpoint Encryption (Formerly SafeBoot) Table of Contents

HTTP Server Setup for McAfee Endpoint Encryption (Formerly SafeBoot) Table of Contents Table of Contents Introduction... 1 Setting Up Endpoint Encryption s HTTP Server...2 How to trust Control Break as an CA... 20 Start Endpoint Encryption s HTTP Server service... 23 Verify Endpoint Encryption

More information

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government. END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010

More information

Trend Micro Worry-Free Remote Manager Agent Installation Guide

Trend Micro Worry-Free Remote Manager Agent Installation Guide Trend Micro Worry-Free Remote Manager Agent Installation Guide Agent Installation Guide The Agent Installation Guide contains information about the Worry-Free Remote Manager (WFRM) agent installation process

More information

Secure Transfers. Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3

Secure Transfers. Contents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3 Contents SSL-Based Services: HTTPS and FTPS 2 Generating A Certificate 2 Creating A Self-Signed Certificate 3 Obtaining A Signed Certificate 4 Enabling Secure Services 5 A Note About Ports 5 Connecting

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Scenarios for Setting Up SSL Certificates for View

Scenarios for Setting Up SSL Certificates for View Scenarios for Setting Up SSL Certificates for View VMware Horizon 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report Xerox Multifunction Devices Customer Tips March 15, 2007 This document applies to these Xerox products: X WC 4150 X WCP 32/40 X WCP 35/45/55 X WCP 65/75/90 X WCP 165/175 X WCP 232/238 X WCP 245/255 X WCP

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

Setting Up Email. on Your Touch by HTC

Setting Up Email. on Your Touch by HTC Setting Up Email on Your Touch by HTC Intellectual Property Notices 2007 Sprint Nextel. All rights reserved. No reproduction in whole or in part without prior written approval. SPRINT and other trademarks

More information

Configuring TLS Security for Cloudera Manager

Configuring TLS Security for Cloudera Manager Configuring TLS Security for Cloudera Manager Cloudera, Inc. 220 Portage Avenue Palo Alto, CA 94306 info@cloudera.com US: 1-888-789-1488 Intl: 1-650-362-0488 www.cloudera.com Notice 2010-2012 Cloudera,

More information

USING SSL/TLS WITH TERMINAL EMULATION

USING SSL/TLS WITH TERMINAL EMULATION USING SSL/TLS WITH TERMINAL EMULATION This document describes how to install and configure SSL or TLS support and verification certificates for the Wavelink Terminal Emulation (TE) Client. SSL/TLS support

More information

www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013

www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013 www.novell.com/documentation Administration Guide Certificate Server 3.3.8 May 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this documentation,

More information

Symantec AntiVirus Corporate Edition Patch Update

Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Patch Update Symantec AntiVirus Corporate Edition Update Documentation version 10.0.1.1007 Copyright 2005 Symantec Corporation. All rights reserved. Symantec, the Symantec

More information