Configuring a Site for Downloading Self-Signed Certificates
Topic Last Modified: 2009-03-31
Configuring a site by installing a self-signed certificate is required only if the Communicator Web Access server or the Reverse proxy server has a Secure Sockets Layer (SSL) certificate generated by your own certification authority (CA) or any other third-party CA that is not preinstalled on the mobile phones. These procedures identify the steps required to host and download the required certificates to a Nokia mobile phone using the Communicator Web Access server.
However, the same procedure applies to any Web server that can be accessed through the Internet. If the Communicator Web Access server or the reverse proxy server has an SSL certificate generated by a third-party root CA preinstalled on the mobile phone, the following procedure is not required. Certificates help keep your networks secure by authenticating the Office Communications Server 2007 R2 server to which Communicator Mobile for Java connects. To perform authentication, Communicator Mobile for Java requires that you install the root certificate that is part of the server certificate on the device.
On the Communicator Web Access server, open Microsoft Management Console (MMC).
On the File menu, click Add/Remove Snap-in.
In the list of snap-ins, click Certificates.
In Certificates snap-in, click the certificate of the certification authority (CA) that issued the certificate for this Communicator Web Access server.
Export this certificate, click DER encoded binary X.509 (.CER), select the option to export without the private key, and then click OK.
In Certificate Name, type comojava.
After the comojava.cer file is created, rename this file comojava.der.
For details about exporting certificates, see “Export a Certificate” in the Windows Server 2003 Product Help documentation at http://go.microsoft.com/fwlink/?LinkID=133037.
On the Communicator Web Access server, create a virtual directory under the CWA Web site named cert.
Map this virtual directory name to a local folder also named cert, and then set the security setting for the virtual directory to Anonymous access.
Create an HTML file named download.html that includes the following contents:
<?xml version="1.0"?><!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN""http://www.wapforum.org/DTD/xhtml-mobile10.dtd" > <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Download Certificate For Communicator Mobile for Java </title> </head> <body> <p> <a href="comojava.der">Download Certificate</a> </p> </body> </html>
Copy the comojava.der file and the download.html to the local cert folder you created in step 2.
Send the certificate installation information in the procedure below to mobile users to install the certificate on their mobile devices.
From the Nokia mobile device, open the URL https://im.contoso.com/cert/download.html.
When the browser on the mobile device displays a warning that the certificate is not trusted, click Continue.
Click the Download Certificate link, and then save the certificate when prompted.
Communicator Mobile for Java functionality is now enabled on this mobile device.
Note: Certificate installation works only for Nokia mobile devices.