CELL PHONES – WINDOWS MOBILE AND SERVER CERTIFICATES

There are now more than a hundred cell phones built on Windows Mobile, capable of syncing with Microsoft Outlook and handling e-mail, calendar and address book chores.

Businesses running Exchange Server 2003 can sync a Windows Mobile device with Outlook over the device’s Internet connection, which allows the mobile device to have real-time access to e-mail, like a Blackberry. Outlook is then the single repository for all mail traffic, regardless of whether mail is sent or received from Outlook, Outlook Web Access, or the handheld device. Theoretically it’s possible to have messages pushed out to the device immediately, but that requires adding a “feature pack” to Exchange and some tricky configuration. For most people it’s sufficient to have the mobile phone check for updates every five minutes or so.

Microsoft Small Business Server 2003 includes Exchange Server 2003 and can play this game too – but there’s a technical wrinkle that has had me scratching my head several times lately.

When big companies deploy a web server that needs to be secure, they purchase and install a “security certificate” – a way to authenticate the server. Third parties check out the company and issue a certificate, and the company installs it on the web server. When a mobile device or web browser tries to set up a secure connection, the certificate is consulted and communication only happens if the server and the certificate are aligned with the Prime Meridian and the left hand of God. Well, something like that anyway. Let’s just say that complicated magic ensures that the answering server really belongs to Goliath, Inc. and not the Russian mafia. When it happens automatically, the padlock appears in the Internet Explorer window.

Small Business Server issues a “self-signed certificate” – essentially the server vouches for itself. That’s why an ominous warning appears when you use Outlook Web Access – the channel is secure and encrypted, but no third party has vouched for the identity of the server.

The problem is that Windows Mobile doesn’t trust self-signed certificates and it’s almost impossible to convince it to relax. Setting up a Windows Mobile phone with Small Business Server is an exercise in frustration.
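
What a client with a fixed list of trusted roots does with the two kinds of certificate described above, as an added example (not from the original post, and not Windows Mobile's own code) using the `openssl` command line. The host and CA names, and the helper functions `classify_cert` and `make_demo_certs`, are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: how a client with a fixed root list sees a server certificate.
# Every name below (sbs.example.test, Example Root CA, ...) is constructed.

# classify_cert CERT ROOTS -> prints trusted | self-signed | untrusted-issuer
# CERT is a PEM certificate, ROOTS a PEM bundle standing in for the device's
# root store. (openssl may also consult the system's default CA directory.)
classify_cert() {
    cert=$1; roots=$2
    if openssl verify -CAfile "$roots" "$cert" >/dev/null 2>&1; then
        echo trusted
        return 0
    fi
    # Not verifiable: tell "vouches for itself" apart from "issuer unknown".
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^[a-z]*= *//')
    if [ "$subject" = "$issuer" ]; then
        echo self-signed
    else
        echo untrusted-issuer
    fi
}

# make_demo_certs DIR -> writes throwaway test certificates into DIR:
#   sbs.pem   self-signed server certificate (the kind the page says SBS issues)
#   ca.pem    constructed root standing in for a third-party issuer
#   leaf.pem  server certificate signed by ca.pem
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sbs.example.test" \
        -keyout "$d/sbs.key" -out "$d/sbs.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}
```

To check a real server, export its certificate to PEM and pass it as `CERT`, with the roots the device ships with as `ROOTS`.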

So small businesses now have yet another expense if they want to use the latest technology – and let’s face it, we’re surrounded by Blackberry users making it look like e-mail on a handheld device is a pretty reasonable request. Microsoft has published a list of companies issuing SSL certificates that will work with Windows Mobile devices. GoDaddy issues one for twenty bucks a year, but it reportedly only works if the Exchange Feature Pack is installed – more time, more money, more complexity. The others are all over the map, from $150/year on up to $695/year or more, with more time invested in figuring out how to install and configure them – and for that matter, trying to figure out the differences between them.

(Incidentally, for individual users and small businesses – Blackberries don’t work the way you think they do. There’s no easy way out of these messes. Repeat after me: nothing is easy.)

Sigh.