FYI - when we were getting activesync setup we used a self signed certificate. Activesync WILL WORK with a self signed certificate, but you need to have the CA be trusted. To do this, you need to export the certificate and then import it into the certificate store as a CA on each and every handheld. That was reason enough for us, even as a non-profit, to go with a full certificate from a trusted CA.
On Thu, May 27, 2010 at 6:59 AM, Charles Marcus <[email protected]>wrote: > On 2010-05-26 6:36 PM, Jean-Pierre van Melis wrote: > > Activesync refuses to work with self-signed certificates. You can't > > tell it to accept a non-CA certificate. > > According to what I've read, that's actually not activesync that is > refusing to work with one, it is the device/carrier... > > Sometimes you can get around this limitation by posting the cert on a > web accessible URL, then navigate there using the device's web browser, > which *will* let you accept/install the cert, then activesync will just > use it... but it doesn't always work either... > > > I'm also using an autoprovisioning script As things are at this > > moment this certificate is installed in use and working. If pound > > would support the stripping of this prefix or ASSP would take a URL > > it could be implemented with 5 extra lines in that same config. The > > reverse proxy is already running and configured there. > > If its not broke, don't fix it - also, its not like real certs are that > expensive, unless you need a lot (ISP, hosting reseller, etc). > > >> I don't want to use portnumbers for, what I think, obvious reasons. > >> Not obvious to me... > > > Esthetics and ease of use. We're probably different kind of persons > > and we're most likely not going to agree in this field. > > Well, aesthetics is one thing - that's a personal preference thing, so > there is no 'right or wrong'... but as for the ports and 'ease of use' - > the method I'm talking about does *not* require the end-user to manually > designate a different port, that happens automatically through a redirect. > > Its definitely most useful for browser based services, though (webmail, > browser based management services, etc)... > > -- > > Best regards, > > Charles > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Assp-test mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/assp-test > ------------------------------------------------------------------------------ _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
