Manage Certificates on 500 Mobile Devices [closed]

Is there a tool to facilitate setting up and managing certificates for mobile devices (running Windows Mobile 5)?

The end goal I have is to have my WCF Services (run on IIS) only trust these certificates. That way I don't have to worry about someone else finding my endpoint and sending bogus data to me.

I have WaveLink's Avalanche MC to manage the devices and push out updates. (I am still looking to see if that product has anything to help with this.)


Solution 1:

System Center Mobile Device Manager will do this as far as I can tell, but I'm not sure how good the cert enrollers are on WM5; most of the cert features are only properly supported on WM6 (I think). There is a limited cert deployment capability built into ActiveSync from version 5 that will automatically deploy user certs onto the device for e-mail if you set things up appropriately in the AD. You might be able to use those, depending on how much control you have of your application, but I suspect not.

I'm not aware of any commercial apps that do precisely what you need, but the crypto APIs are OK on WM5 and it's not terribly difficult to modify the enroller sample code that is included in the Windows Mobile platform development kit to roll something that suits your needs. I built a system to do this in the past that had a lot of bells and whistles (AD integration using placeholder accounts for the WM devices, device config, cert deployment with authorization and then locking down the WM devices' systems so they only run signed code); two of us hacked together most of the initial code in about a fortnight, IIRC.