The Tekblog

Warning: This is a technical rant…

I was recently configuring – or rather – trying to configure, a customer’s Palm Centro Smartphone to sync Outlook (Exchange) information with their shiny new SBS08 Server. I quickly realized that this can prove to be a lesson in futility…

The first thing to know is that, for whatever reason, the Palm Centro does not support SSL Certificates encoded using the newer RFC5280 (UTF-8) standard – but instead requires a cert that is generated based on RFC3280 (Printstring). This means that Certificate Authorities locked into generating certificates based on the new RFC will not  produce certs that are compatible with PalmOS devices. I personally used a GoDaddy Standard SSL cert and had this issue. This took quite awhile to narrow down because all of the other phones syncing with this server, which included iPhones and Windows Mobile phones, worked without an issue. This seems like something that Palm could patch – there are all kinds of posts out there in Google-land looking for definitive answers to their Centro and Exchange 2007 Activesync woes…My guess is that with Palm’s upcoming release of the new "Palm Pre" – support for their previously released products is wavering. Aside from not supporting the UTF-8 "method" certificates, they also do not support SSL v3 certs – this from the Palm site:

"SSL v3 certificates which rely on the Subject Alternate Name field to do load balancing across virtual site names do not work with Palm OS devices"

AND – They DO NOT support 256bit Encryption. So, for me the PalmOS/Versamail phones (Centro, 700p, 655p, 800p) have been placed a notch just below a Blackberry as my least-favorite "Smartphone flavor" out there. I just hope they get it right with the Pre. There are literally dozens and dozens of posts out there with people looking for a definitive answer to their Centro <-> Exchange syncing problems…

The bottom line for Admins wanting to configure Palm Centro Phones with Small Business Server 2008 using Versamail EAS, you have two options.

1.) If you are using a Self Signed Certificate you must use the Palm CertModTool to install your SBS Server’s CA onto the phone itself

2.) If you want a "proper" SSL Cert you will need to buy a supported cert – I hear people having good luck with the Geotrust QuickSSL certificates. These tend to be pricey at about $250.00.

I was told my a GoDaddy rep that if the CSR is produced in printstring format, the cert would be generated appropriately – I assume this would entail generating the CSR on a a 2003 Server (IIS6) – getting the Cert and exporting it to a *.PFX and then importing it to the SBS08 machine – this just seems like a failure-prone procedure – but I did see some people discussing this method of getting around the issue.

All in all this was a frustrating, but educational process. Below is some other useful information for those running into this article in a Google search – likely pulling your hair out (trust me, I was there)…

-SSL v3 and "Subject Alternate Name"

-Palm Forum Post about Importing "External" SSL Certs

-Exchange 2007 lessons learned – generating a certificate with a 3rd party CA

-Another Palm Forum Post