
Configure CA certificates for iPhone and Exchange Server 2007

Since the iPhone was not originally intended for enterprise use, certain operating system components -- like the certificate store -- are hard to locate and configure. But by following a few steps and properly configuring your certificates, the iPhone might make sense in your Exchange Server enterprise.

Although the iPhone was not originally intended for use in the enterprise, many Exchange admins and users would like to be able to use it in their day-to-day business. In this tip, our expert explains that the iPhone may be difficult to configure, but it can, in fact, be used as a mobile platform for Exchange Server. You just need to import a certificate authority (CA) certificate first so that SSL encryption works properly.

A colleague once mentioned that he thought the iPhone made a better mobile client for Exchange Server than any Windows Mobile device. This piqued my interest, so I grabbed an iPod Touch and started tinkering. I was able to use the iPod Touch because it's practically identical to the iPhone, except that it connects to the Internet through a Wi-Fi link, rather than a cellular link.

At first, connecting the device to Exchange was a bit challenging. There isn't anything especially difficult about the process, but I was uncomfortable using a device with an unfamiliar mobile OS. Furthermore, the iPhone and the iPod Touch are consumer devices that weren't originally intended for use in enterprise environments. Therefore, certain aspects of the OS, such as the certificate store, are hidden.

ActiveSync and Outlook Web Access both depend on SSL encryption. The problem is that many organizations use their own certificate authority (CA) for Exchange.

In order for SSL encryption to work, the mobile device must trust the CA that issued the certificate to Exchange. Unless your Exchange 2007 server is using a certificate from a well-known, commercial CA, iPhone is not going to trust it. In a Windows Mobile environment, you'd simply connect to your CA's website, download a CA certificate and import it into your device.

Begin the import process by connecting to your CA's website through a PC. Then download a CA certificate in Base 64 format and save it to your hard drive.

Next, download and install the iPhone Enterprise Configuration Utility.

Note: A Macintosh version is also available at the same URL.

After downloading the configuration utility, launch the Setup Wizard. When Setup begins, click Next to clear the Welcome screen. Accept the license agreement and click Next. At this point, take a moment to verify the destination folder and click the Install button. When Setup completes, click Finish.

After you've installed the Enterprise Configuration Utility, you can click on the Windows Start button to access it. Then choose the All Programs -> iPhone Configuration Utility -> iPhone Configuration Utility command. When the Enterprise Configuration Utility starts, select your device and then the Certificates option (Figure 1).

Figure 1. Select the Certificates command from the Window menu.

The wizard will then take you to the Certificates properties sheet (Figure 2).

Figure 2. A screenshot of the Certificates properties sheet.

Click on the Import button and Windows will launch the Certificate Import Wizard. Click Next and a screen prompts you to provide the certificate you'd like to import. Click the Browse button and then select the certificate that you downloaded earlier. Click Next to continue.

By default, iPhone will try to place the certificate in the Personal Store. However, you'll need to place the certificate in the Trusted Root Certification folder. To do so, click Browse and choose the Trusted Root Certification Authorities option from the list of available folders. Then click OK (Figure 3).

Figure 3. Place the certificate in the Trusted Root Certification Authorities container.

Finally, click Next and then Finish to complete the process.

A message will indicate that the import was successful. Next, go to the Trusted Root Certification Authorities tab to verify that the certificate was imported correctly. Verify that your certificate is listed, and click Close (Figure 4).

Figure 4. Verify that your certificate is listed in the Trusted Root Certification Authorities tab.
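
The import steps above add a new trust anchor, so it is worth checking the downloaded Base 64 file before running the wizard and confirming the result afterward. The PowerShell script below is an added example, not part of the original tip; the file name and the expected fingerprint are assumptions to be replaced with your own values, with the fingerprint obtained from your CA administrator out of band.

```powershell
# Added example, not from the original article. File name and fingerprint are
# placeholders (assumptions); supply the values for your own CA.
param(
    [string]$Path = '.\corp-root-ca.cer',   # hypothetical name of the Base 64 download
    [string]$ExpectedSha256 = ''            # hex fingerprint obtained out of band
)

$file = (Resolve-Path -LiteralPath $Path).ProviderPath
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# SHA-256 over the certificate's DER encoding, as plain uppercase hex
$sha = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''

# Basic Constraints (OID 2.5.29.19) must mark the certificate as a CA
$isCa = $false
foreach ($ext in $cert.Extensions) {
    if ($ext.Oid.Value -eq '2.5.29.19') {
        $bc = New-Object System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension -ArgumentList $ext, $ext.Critical
        $isCa = $bc.CertificateAuthority
    }
}

# Collect every reason the file should not go into the Trusted Root store
$now = Get-Date
$problems = @()
if ($cert.Subject -ne $cert.Issuer) { $problems += 'not self-signed, so not a root certificate' }
if (-not $isCa) { $problems += 'Basic Constraints does not mark it as a CA' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { $problems += 'outside its validity period' }
$want = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($want -and $want -ne $fingerprint) { $problems += 'fingerprint does not match the expected value' }

"Subject : $($cert.Subject)"
"Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
"SHA-256 : $fingerprint"
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { "PROBLEM : $_" }
} else {
    'Checks passed'
}

# After the wizard finishes: is the same certificate in a Trusted Root store?
foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    $hit = Get-ChildItem -Path $store | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
    "{0,-24}: {1}" -f $store, $(if ($hit) { 'present' } else { 'not present' })
}
```

Run it once before the import to review the checks and once afterward to confirm the store entry; a root certificate issued without a Basic Constraints extension will be reported as a problem and needs manual review.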

About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at


This was last published in May 2010
