Clientless ActiveSync and certificates (IVE OS 7.0)
Like many, we're looking at iOS devices as a true smartphone platform now that Junos Pulse is available and appears to work well. One thing we would like to offer is ActiveSync email WITHOUT requiring Pulse. The Clientless ActiveSync feature with Certificate authentication seems to be the most secure way; the problem is, the documentation on how to set it up is very brief.
The way I see it, there are two ways that this could be set up (with only one being correct):
Create a .mobileprofile configuration using the iPhone Configuration Utility that...
1. Contains an ActiveSync config which specifies an Authentication Credential certificate.
2. Contains a generic authentication certificate under "Credentials" that the iPhone will present when challenged by the IVE.
Note that option #1 prevents the user from being able to specify a username/password/domain any longer so I presume the user's credentials must be included in the certificate somewhere.
In short: where / how do we specify the cert that the iPhone will present to the IVE during ActiveSync?