This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Sync Profiles for Certificate Based Authentication with Exchange

Hi everyone,
we are using SMC 7 and it works fine in the moment regarding ActiveSync Profiles with a user/password combo. But we are in the process of rolling out smartcards for our userbase. This makes the user/password combo impossible.

We now have to use certificate based authentication (cba) for Exhange 2013 active sync and i have some questions about that topic
regarding the overall config.

1. We have setup a MS SCEP (NDES) Server for generating the certificates from our MS PKI for
the mobiles over SMC
Q: which certificate template should we use as base, and what should we change in the template?

2. We have configured SCEP in SMC pointing to the NDES Server
Q: what should we configure in the SCEP Profile.
   I think the Subject should be the user UPN "CN=user@domain.com"
   Do i need the SAN fields?

3. Does Android Support such a config in the active sync profile?
   I know that iPhones could handle cba without user password, but Android?
   We have Samsung and Sony mobiles.
   
In my first tests with a Sony Mobile (Android 7) our root certs are on the phone, but the scep cert from the active sync profile is not on the phone. But in our pki it was issued.

Many thanks in advance for any answer that helps!

Peter



This thread was automatically locked due to age.
Parents
  • 1. is Solved

    2. is Solved

    3. With iPhones it is working fine, they get the certificate over scep and mail is running fine without password just with the certificate. On my Sony i could not get get scep certificate on the Phone. On which Devices is this working?

    On Sony i have to manually put the certificate on the Phone and i must use another mail app (Boxer) where i could configure a mailprofile without passwort just with the cert.

  • Hello Peter,

     

    What were the solutions for 1 and 2 

Reply Children
No Data