In this chapter we have implemented a simple public key infrastructure in the Exchange Server 2010 organization to ensure that all iPhone and other iOS devices connecting to Exchange use certificate-based authentication.
We've covered the basics of certificate-based authentication, including how it can remove the need to change the password on the iPhone when a security policy requires regular password changes, which avoids some of the issues associated with keeping the device password in sync with the user's Active Directory password. We've also looked at other reasons for using certificate-based authentication, such as ensuring that any device connecting over the ActiveSync protocol has been provisioned correctly with a private key and certificate, which helps prevent users from connecting personal devices to the Exchange infrastructure.
After looking at why we would use certificate-based authentication and learning a little bit about what it is...