Godaddy SSL cert & mobile devices

[snootalope]

At the moment I've got a self-signed cert on our exchange 2003 box and a root cert installed on all the windows mobile devices that sync to it. Works great!

However, we recently acquired an ssl cert from godaddy that's supposed to take the place of the self-signed one I got running at the moment. We actually got two certs from godaddy. I followed their installation instructions:

http://help.godaddy.com/article/4875

but it doesn't appear to be working.

When I activate this cert and try a sync from the phones, all I get is a message saying "waiting for network" and it (the mobile device/activesync) never syncs. No error messages on the server either...

I've went through their instructions a dozen times and that's as far as I can get is the "waiting for network" - anyone got any advice on what I might check or try to get this rolling?

 

[ShackDaddy]

Go to

http://www.testexchangeconnectivity.com

and run the ActiveSync test, don't click the "ignore trust for SSL" bit. Post back with your results. Edit them if you want.

Dave Shackelford
ThirdTier.net

 

[snootalope]

Ok...here's the results. I put the godaddy cert back on and this is what I got:



Testing Exchange Activesync for host mail.ourdomain.com Exchange Activesync test Failed Test Steps
Attempting to Resolve the host name mail.ourdomain.com in DNS.
Host successfully Resolved
Additional Details




Testing TCP Port 443 on host mail.ourdomain.com to ensure it is listening/open.
The port was opened successfully.

Testing SSLCertificate for validity.
The SSLCertificate failed one or more certificate validation checks.


Additional Details
A network connection error occured while communicating with the remote host: Exception Details: Message: Authentication failed because the remote party has closed the transport stream. Type: System.IO.IOException Stack Trace: at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation) at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost) at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()

 

[ShackDaddy]

When you go to OWA (from a remote non-domain system) when the new cert is in place, do you get an error? Either way, when you get into OWA, can you choose to view the cert and can you then verify that it's the proper GoDaddy cert? Did you do an IISReset after putting the GoDaddy cert in place?

This isn't really the sort of thing that can easily be troubleshot in the abstract, without the real details of the cert. If I were trying to solve this problem, I'd be examining the cert and checking the details up close.


Dave Shackelford
ThirdTier.net