Hi everyone,
we are using SMC 7 and it works fine in the moment regarding ActiveSync Profiles with a user/password combo. But we are in the process of rolling out smartcards for our userbase. This makes the user/password combo impossible.
We now have to use certificate based authentication (cba) for Exhange 2013 active sync and i have some questions about that topic
regarding the overall config.
1. We have setup a MS SCEP (NDES) Server for generating the certificates from our MS PKI for
the mobiles over SMC
Q: which certificate template should we use as base, and what should we change in the template?
2. We have configured SCEP in SMC pointing to the NDES Server
Q: what should we configure in the SCEP Profile.
I think the Subject should be the user UPN "CN=user@domain.com"
Do i need the SAN fields?
3. Does Android Support such a config in the active sync profile?
I know that iPhones could handle cba without user password, but Android?
We have Samsung and Sony mobiles.
In my first tests with a Sony Mobile (Android 7) our root certs are on the phone, but the scep cert from the active sync profile is not on the phone. But in our pki it was issued.
Many thanks in advance for any answer that helps!
Peter
This thread was automatically locked due to age.