Although the iPhone was not originally intended for use in the enterprise, many Exchange admins and users would like to be able to use it in their day-to-day business. In this tip, our expert explains that the iPhone may be difficult to configure, but it can, in fact, be used as a mobile platform for Exchange Server. You just need to import your certificate authority's certificate first so that SSL encryption works properly.
A colleague once mentioned that he thought the iPhone made a better mobile client for Exchange Server than any Windows Mobile device. This piqued my interest, so I grabbed an iPod Touch and started tinkering. I was able to use the iPod Touch because it's practically identical to the iPhone, except that it connects to the Internet through a Wi-Fi link, rather than a cellular link.
At first, connecting the device to Exchange was a bit challenging. There isn't anything especially difficult about the process, but I was uncomfortable using a device with an unfamiliar mobile OS. Furthermore, the iPhone and the iPod Touch are consumer devices that weren't originally intended for use in enterprise environments. Therefore, certain aspects of the OS, such as the certificate store, are hidden.
ActiveSync and Outlook Web Access both depend on SSL encryption. The problem is that many organizations use their own certificate authority (CA) for Exchange.
In order for SSL encryption to work, the mobile device must trust the CA that issued the certificate to Exchange. Unless your Exchange 2007 server is using a certificate from a well-known, commercial CA, the iPhone is not going to trust it. In a Windows Mobile environment, you'd simply connect to your CA's website, download a CA certificate and import it into your device.
Begin the import process by connecting to your CA's website through a PC. Then download a CA certificate in Base 64 format and save it to your hard drive.
Next, download and install the iPhone Enterprise Configuration Utility.
Note: A Macintosh version is also available at the same URL.
After downloading the configuration utility, launch the Setup Wizard. When Setup begins, click Next to clear the Welcome screen. Accept the license agreement and click Next. At this point, take a moment to verify the destination folder and click the Install button. When Setup completes, click Finish.
After you've installed the Enterprise Configuration Utility, you can click on the Windows Start button to access it. Then choose the All Programs -> iPhone Configuration Utility -> iPhone Configuration Utility command. When the Enterprise Configuration Utility starts, select your device and then the Certificates option (Figure 1).
The wizard will then take you to the Certificates properties sheet (Figure 2).
Click on the Import button and Windows will launch the Certificate Import Wizard. Click Next and a screen prompts you to provide the certificate you'd like to import. Click the Browse button and then select the certificate that you downloaded earlier. Click Next to continue.
By default, iPhone will try to place the certificate in the Personal Store. However, you'll need to place the certificate in the Trusted Root Certification folder. To do so, click Browse and choose the Trusted Root Certification Authorities option from the list of available folders. Then click OK (Figure 3).
Finally, click Next and then Finish to complete the process.
A message will indicate that the import was successful. Next, go to the Trusted Root Certification Authorities tab to verify that the certificate was imported correctly. Verify that your certificate is listed, and click Close (Figure 4).
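A check worth running on the downloaded file before it goes into the Trusted Root Certification Authorities store, as an added example that is not part of the original tip. It assumes the OpenSSL command-line tool is available on the workstation; the function names, file names and the throwaway test CA are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Assumes the openssl CLI is installed.

# cert_fingerprint FILE: print the SHA-256 fingerprint of a certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# check_ca_cert FILE EXPECTED_SHA256
# Succeeds only if FILE is a Base 64 (PEM) certificate that is flagged as a CA,
# is self-issued (a root), and matches a fingerprint obtained out of band.
check_ca_cert() {
    file=$1 expected=$2
    # A Base 64 export carries a PEM header; a DER export is raw binary.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$file" \
        || { echo "not Base 64 (PEM) encoded"; return 1; }
    # Only a certificate with basicConstraints CA:TRUE belongs in a root store.
    openssl x509 -in "$file" -noout -text | grep -q 'CA:TRUE' \
        || { echo "not a CA certificate"; return 2; }
    # A root is self-issued: subject and issuer are the same name.
    subj=$(openssl x509 -in "$file" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$file" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "not a root (issuer differs)"; return 3; }
    # Compare with the fingerprint your CA administrator gave you directly.
    [ "$(cert_fingerprint "$file")" = "$expected" ] \
        || { echo "fingerprint mismatch"; return 4; }
    echo "ok: $subj"
}

# make_samples DIR: constructed throwaway CA, server certificate and DER copy.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=Constructed Test CA' -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj '/CN=mail.example.test' -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
    openssl x509 -in "$d/ca.pem" -outform DER -out "$d/ca.der"
}

# Demo on constructed data. In real use the expected fingerprint comes from
# the CA administrator, never from the downloaded file itself.
demo=$(mktemp -d) && make_samples "$demo"
check_ca_cert "$demo/ca.pem" "$(cert_fingerprint "$demo/ca.pem")"
check_ca_cert "$demo/srv.pem" "$(cert_fingerprint "$demo/srv.pem")" || true
check_ca_cert "$demo/ca.der" "unused" || true
```

The server certificate and the DER export are both rejected: the first is not a CA certificate, and the second is not in the Base 64 format the import steps above call for.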
About the author: Brien M. Posey, MCSE, is a five-time recipient of Microsoft's Most Valuable Professional (MVP) award for his work with Exchange Server, Windows Server, Internet Information Services (IIS), and File Systems and Storage. Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.