SSL cert prob on mobile device

Status
Not open for further replies.

snotty54

Technical User
Jun 28, 2010
114
KY
*Mobile device = Nokia E63 w/Symbian OS
*ActiveSync worked fine then stopped, possibly due to SSL cert manipulations due to OA errors
*GoDaddy SSL cert replaced with upgraded GoDaddy UCC SSL cert
*Mobile device no longer syncs
*Deleted original SSL cert on mobile device, need advice on importing new SSL cert to mobile phone to get ActiveSync working
 
Not sure about Symbian devices, but if the cert is from a trusted CA, you normally don't have to import it.

Is the cert enabled for IIS? If you do a
Code:
Get-ExchangeCertificate | fl
you should be able to tell. Do users in Outlook 2007+ or OWA get cert prompts?

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
Hi Pat:

Thank you for replying. Using EMS, the Get-ExchangeCertificate | fl command brings up the new UCC GoDaddy cert.

I also thought the mobile would download the new cert automatically but it doesn't. Using the ActiveSync MS troubleshooting tool it fails on the autodiscover.externaldomain.com query. I do have a SAN on the UCC for autodiscover.externaldomain.com. I have a 5 SAN UCC so I've got:
mail.externaldomain.com (common)
externaldomain.com
myserver.internaldomain.local
internaldomain.local
autodiscover.externaldomain.com

The journey started because I was getting the name error when I opened Outlook Anywhere because my main business work station is remote to the server. The UCC solved that but activesync has been down for 3 weeks and I'm trying to figure out where the issue is.

Any thoughts much appreciated,

Scott
 
Hi Pat:

Still searching for the problem causing my direct push ActiveSync to not work, I notice when I use the MS test ActiveSync tool that autodiscover fails, it looks like for two reasons: 1) port 443 is blocked but it is looking for that on the hosting service's IP, which hosts my web site, but my email is all SMTP directly to my server with its static IP, but autodiscover is not looking for port 443 on my static IP, but my hosting service's, which would be blocked I presume 2) The other error I'm getting is "Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured"

I'm searching for solutions but haven't found them yet. If you or anyone has a moment to point in the right direction, much appreciated.

Scott


 
Autodiscover.myexternaldomain.com points to the static ip of my server/exchange. If one types in my external domain on a browser, i.e. " which is my web site, it goes to the hosting service ip where of course, port 443 would be blocked, that ip is just a dynamic ip for my web site.

Does this mean I should have used the san "autodiscover.mail.externaldomain.com"? because that is the address I use for Outlook Anywhere? OA and OWA are working from my remote office.

Thanks,

Scott
 
autodiscover isn't a subdomain of mail, so autodiscover.mail.externaldomain.com wouldn't be valid. It should point to autodiscover.smtpdomain.com. So if your SMTP domain is contoso.com (email addresses are bob@contoso.com), it would point to autodiscover.smtpdomain.com. And that A record should point to the public IP for your Exchange server.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
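
An added illustration, not written by either poster: the sketch below derives the Autodiscover hosts a client probes from an e-mail address and checks each against the certificate's SAN list and the DNS target. The probe order (bare SMTP domain first, then autodiscover.<domain>), the address scott@externaldomain.com and the IP addresses are assumptions or constructed values; the SAN list is the one given in the thread.

```python
# Added illustration; IP addresses are constructed documentation-range values.

def autodiscover_hosts(email):
    """Hosts a client probes over HTTPS for /autodiscover/autodiscover.xml,
    in the order assumed here: the SMTP domain, then autodiscover.<domain>."""
    domain = email.rsplit("@", 1)[1].strip().lower()
    return [domain, "autodiscover." + domain]


def san_covers(host, san):
    """True if one certificate SAN entry covers host (exact or one-label wildcard)."""
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return host == san


def diagnose(email, sans, dns, exchange_ip):
    """Return (host, cert_covers_name, resolves_to_exchange) for each probe."""
    report = []
    for host in autodiscover_hosts(email):
        covered = any(san_covers(host, s) for s in sans)
        report.append((host, covered, dns.get(host) == exchange_ip))
    return report


# SAN list as given in the thread.
UCC_SANS = [
    "mail.externaldomain.com",
    "externaldomain.com",
    "myserver.internaldomain.local",
    "internaldomain.local",
    "autodiscover.externaldomain.com",
]
# Constructed DNS view: the bare domain is the hosted web site,
# the autodiscover A record is the Exchange server's static IP.
EXCHANGE_IP = "203.0.113.25"
DNS = {
    "externaldomain.com": "198.51.100.10",
    "autodiscover.externaldomain.com": EXCHANGE_IP,
    "mail.externaldomain.com": EXCHANGE_IP,
}

if __name__ == "__main__":
    for host, covered, on_exchange in diagnose(
            "scott@externaldomain.com", UCC_SANS, DNS, EXCHANGE_IP):
        print(f"{host:35} SAN match: {covered!s:5}  points at Exchange: {on_exchange}")
```

With these inputs the bare domain is named on the certificate but resolves to the web host, while autodiscover.externaldomain.com is both named on the certificate and resolves to the Exchange server.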
 
OK, that is the way it is set up. The autodiscover.smtpdomain.com a record is pointed to the static ip of my external/common/smtp domain.

What about the following error: Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.
Additional Details
Accept/Require Client Certificates isn't configured.

Would the above be a reason push activesync would not work? My Nokia E63 is not downloading the certificate and in fact had the old certificate still there, which I have deleted.

Thanks,

Scott
 
Pat:

I've zeroed in on the fact that "client certificate authentication" isn't being detected in IIS and that client certificates need to be "configured" as the possible reason my E63 is not receiving direct push. Can you, or anyone, suggest how to fix? Haven't found a solution that makes sense yet.

Thanks,

Scott
 