Find this post interesting? Do you like interesting things? Maybe you would like my invention, a connectible candle called a WickBrick!

Get one here http://wickbrick.etsy.com/

So certificates are lame, and who wants to pay for them. So what if you want to create a self signed certificate and then use it on a mobile device. Here are the steps.

Download the IIS 6.0 Resource Kit Tools.

Run the Selfssl.exe program with something like selfssl /T /N:CN=yourserver.com/V:9999

(Note yourserver.com should be the external server address that your mobile clients connect to)

(/V:9999 = 9,999 days before experation)

For my purposes I didn’t want to switch to full ssl right now so I didn’t go and select the exchange server setting to always require ssl.

To test point your browser using ssl point to https://yourserver.com/exchange

You should get a warning that you have an untrusted cert there. Click view certificate and then click install certificate (this will useful for setting up the mobile)

Ok, now on to the mobile. This post explains it very well http://www.amset.info/pocketpc/certificates3.asp

But I will summarize.

Create basic xml file with

<wap-provisioningdoc>
<characteristic type=”CertificateStore”>
<characteristic type=”ROOT”>
<characteristic type=”thumbprint of certificate”>
<parm name=”EncodedCertificate” value=”certificate hash”/>
</characteristic>
</characteristic>
</characteristic>
</wap-provisioningdoc>

Open up internet explorer, tools, internet options, content, certificates, trusted root certificates authorities tab. Find your cert (it will be the server name you assigned above)

Double click it, goto details tab, scroll down to thumbprint. Copy the thumbprint and replace the thumbprint of certificate in the above xml file removing all spaces.

Hit OK, and then on the trusted root certification authorities tab select your cert and then click export. Choose Base-64 encoded X.509 (.CER)

Open up a new copy of notepad and drag the exported .cer file into it.

Copy everything between the
—–BEGIN CERTIFICATE—–
and
—–END CERTIFICATE—–
and paste it in to the file created in part one, in to the line with Encoded Certificate, replacing the entry “certificate hash.

Save your xml file as _setup.xml (IT MUST BE _setup.xml) or no worky

drop to the command prompt (windows xp) and run the command makecab _setup.xml file.cab

(you can now rename file.cab to something easier to type or remember)

copy file.cab to some external webserver.

Now to install on your mobile device have them browse to http://yourserver.com/file.cab

For an iphone use the previous export command to get a .cer and copy it to some externally accessible webserver and then have your iphone users point their device to http://yourserver.com/cert.crt and install it when asked.

NOTE: Rename the .cer to .crt so that safari will recognize it as a certificate.

Tada

If this post was useful please vote for my Kronos Video So I can win 10K thanks 🙂

http://videocontest.kronos.com/kickapps/_Kronsters-Inc/video/258026/34016.html