Lock down device access by SSL


Guest JoeShmoe
Posted

We have a customer requirement to enable Direct Push mail to a number of Vodafone-supplied mobile devices.

We have an OWA cluster but currently we do NOT allow public access to the email server - this is done via an eGap solution.

Therefore we will have to create a public URL to allow these mobile devices to connect to the OWA server via HTTPS. However, we don't want any device or browser or PDA to be able to access this device.

I understand that we will have to provide a signed SSL certificate on the OWA IIS boxes to allow secure encryption, but I'm assuming these won't restrict access to just the devices we want them to, as they'll be from a trusted CA such as Verisign.

Which leaves us with the option of having to lock down access at the DMZ firewall by IP range, which I really don't want to do - not least because if they take these devices onto other networks (i.e. international roaming) then the IP address will change.

So is there any way we can use SSL to lock down access by phones by client certs or some other mechanism?

Guest Confucious
Posted

I use FreeSSL to provide the cert - but even with the cert you still need to be able to log on to email. Isn't your email security enough?

Posted (edited)
Create your own server cert?

There's lots of info on it; we did it ourselves. Ran into some problems but eventually got it going. Below are instructions; not sure how good they are, but it's a start.

Link is here

hth

gr

Edited by Guest