Updating windows mobile 5 to windows mobile 6 dating arthritis
The user then authenticates to the network, navigates to the designated location, and the client user certificate with the associated encrypted private key is passed to the user’s device.Applies to Windows Mobile 6 The Certificate Enroller Configuration Service Provider in Windows Mobile 6 devices enables you to generate certificates and associate them with a key pair to produce and install trusted certificates for your mobile devices.In practice this includes the end certificate, the certificates of intermediate CAs, and the certificate of a root CA trusted by all parties in the chain.Every intermediate CA in the chain holds a certificate issued by the CA one level above it in the trust hierarchy. When importing the certificate for a client, the certificate chain may be included in the . This enables the device to authenticate the intermediate and root certificates associated with the end certificate.Once the user certificate and key are on the device, cradling with Desktop Active Sync 4.1 or later is required only to renew the certificate when it expires. For an overview of setting up certificate-based authentication for use with Windows Mobile and Exchange Active Sync, see Appendix A, Overview of Deploying Exchange Active Sync with Certificate-Based Authentication, of the Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft Exchange Server 2003 SP2, available at this Microsoft Web site: With Windows Mobile 6, the process for implementing Transport Layer Security (TLS) certificate-based authentication has been streamlined and made easier to maintain.Microsoft has created a tool for deploying Exchange Active Sync certificate-based authentication; it can be downloaded from the following Microsoft Download center Web site. The system administrator creates a certificate type and makes it available through Active Directory.This program, in conjunction with privileged certificate authorities, allows application developers to distribute their applications across the vast majority of Windows Mobile-powered devices while working with a single certificate authority and maintaining just one signed version of their application.
A certificate chain consists of all the certificates needed to certify the subject identified by the end certificate.
Confer with your device vendor or mobile operator to ensure that the devices you intend to purchase will either work with the certificates you currently have deployed, that you can add the necessary certificates, or that you can replace your certificates in a cost-effective fashion. For more information, see the Microsoft Knowledge Base article, How to install root certificates on a Windows Mobile-based device available at the following Microsoft Web site: Microsoft recommends that you provision the device using over-the-air (OTA) methods when possible.
If you wish to install root certificates for certificate-based authentication, you can use the tool for deploying Exchange Active Sync certificate-based authentication; it can be downloaded from the following Microsoft Download center Web site. If you must deliver the XML in a file, we recommend that you package and sign provisioning documents in the CAB Provisioning Format (.cpf).
Windows Mobile and Windows Server together support up to 2,048-bit keys.
Second, requiring certificate-based authentication greatly reduces the risk that a user’s credentials will be compromised.