posted on Wednesday, March 15, 2006 9:28 PM by bradley

Looking for a Mobile 5 device?

Today one of the guys in the office that has a Mobile 3 (the Audiovox 5600) said that his daughter (who also has one... yes the Windows Mobile disease travels through families) was having a hard time finding a cigarette lighter because the stores she was going to were not carrying the "Business phones".  I have noticed too that the Cingular store I go to (well last I checked anyway) only had one or two business-like phones and you might need to shop around or order the phone and then activiate it at the store.

There's this thing that you can watch out for when ordering them.. as to whether the phone comes with a "locked" or "unlocked" security policy. 

Now what's that all about?  As a general rule of thumb keep in mind the following:  Unlocked devices mean that you can easily add our SBS self signed certs.  Locked devices means you "may" be able to install our self signed certs.  And the rules are different for Pocket PC devices versus Smartphones.

In regards to Pocket PCs...now obviously the ones that are unlocked ... the certs off the SBS box that you MUST get on to that device will just go (remember what the mobility podcast gang talked about...just get that cert on the device as the key to authentication is if the device can get to that SSL page it's trying to go do without error).  If the device is locked, you can download a utility called spaddcert (it's says 2003 but it works on the 2005 PPCs) to install the certs.  The key here is to get that cert on the Mobile 5 device.  In that respect it's the same for the Mobile 3 that I have.. at least as far as PPC devices go anyway.  Remember like they said...this is just about PPC devices.  As those will allow you to get that cert on the device no matter what.  You just have to follow manual instructions to install the cert like I had to do because I had on previous version of ActiveSync my Mobility Wiz wouldn't Wiz.. (or as someone would say.. Whiz)  ...and I had to manually install it on the device via the using the ActiveSync interface to drag and drop the cert on to the device and then manually "install" it by clicking on the file on the phone. You can either follow the blonde instructions on that process or the official ones.

Unlocked PPCs will just go, Locked PPCs you can use the utility to install it the cert on the device.  Kinda like what I had to do for my sister's phone with her Novell/Groupwise sync software.  We used a little utility to get the cert on the device.  So we're cool with PPC devices and how they handle our Self Signed certs right?

Now then, here comes the fun part. 

Smartphones are different.

Smartphones aren't quite so easy and like the Podcast gang said it depends on the vendor.  If you have a locked Smartphone you are limited to making sure that Vendor provides a "get a cert on the device" utility, or you purchase a third party cert and put that on your box.  If you have a locked smartphone and the vendor is not providing a cert workaround tool... you can't use the spaddcert tool...and you are stuck  yeah.....hmmm... how about those godaddy cheap certs sound?  So far most of the gang installing these devices with the SBS self signed certs have found a couple of vendors to be SBS friendly.  So far primarily i-mate, Verizon and Sprint have the SBS self signed cert friendly ones per what the gang tell me so far.

So here's a tentative list I got from the Mobility community (and please let me know if there are any errors in this listing):

(and this is US devices only so please.. if you know of similar information for your country, please post it)

Cellular                

 Model      Type Self Signed OK?
Cingular 2125 SmartPhone            Y
Cingular 8125 PocketPC            Y
T-Mobile MDA SmartPhone            N
T-Mobile SDA PocketPC            Y
Verizon 6700 PocketPC            Y
Verizon Treo 700w PocketPC            Y
Sprint 6700 PocketPC            Y

(Self Signed OK?  = means it's either unlocked or comes with a cert install tool so you can get the cert on the device)

Word is the Motorola Q coming out that's a SmartPhone will most likely be locked but Verizon has been providing the cert tool so as soon as that one comes out and it's confirmed we can add that to the listing.

So overseas, most of the devices I hear the "Drool" factor over is the i-Mate ones like Nick has.  And his is obviously working just fine on a SBS 2003 box, self signed certs and ..yeah...even a .local (I checked with him after that blog post about .local being an issue with phones).  I've yet to hear from the gang any Smartphone overseas working other than the i-mate.  But if you know of others with similar 'they just work' or 'work with a tool to get the cert on them', let me know and I'll add them to the list.  And don't forget the prior post with links and resources.

Comments

# re: Looking for a Mobile 5 device?

Thursday, March 16, 2006 6:41 AM by Joe Moore
Why is everyone so hung up on using the self-signed certs from SBS? We sell more SBS than just about anyone out there and we NEVER use the self-signed cert for mobile devices. Get a third-party one. There's no excuse when you can get a supported one for as little as $19.95 a year. I know most SBS users are unwilling to spend any more than is absolutley necessary but, come on. $20?? That won't kill anyone. Here's a link to WM5 supported SSL vendors: http://go.microsoft.com/fwlink/?LinkId=61499

# re: Looking for a Mobile 5 device?

Thursday, March 16, 2006 11:18 AM by Nick Whittome
Joe has a good point, but the fact is that why bother if you can do a self signed cert easily?

Mind you... for that Price I think I may go and get one... :)

# re: Looking for a Mobile 5 device?

Friday, March 17, 2006 6:26 AM by Joe Moore
My point wasn't to argue against the self-signed cert but to point out that it can actually be CHEAPER to get the third-party one. If I have to install the self-signed cert on my devices and some of them are SmartPhones, it will certainly take more time that installing the cert one time on the server. Just because we can use the SBS cert doesn't mean we should.

# re: Looking for a Mobile 5 device?

Friday, March 17, 2006 2:16 PM by Graeme Smith
If MS are going to provide a means to generate a cert which is as good as one from a CA - FROM THE POINT OF VIEW OF DOING SSL - then just why it is made so hard to use it in different scenarios is beyond me.

For many not for profits a self signed certificate for internal use is penny wise and good enough - till it won't work with some models of phones....

And have you seen what happens if you use a self signed cert in IE7? That really needs some better wording to explain there ARE some circumstances in which the cert is OK.