• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1806
  • Last Modified:

Treo ActiveSync SSL certificate problems

Greetings. I've been banging my head against a wall trying to get SSL to work with Exchange ActiveSync and my Treo 700w. I get error 0x80072f06: "You have an incorrect SSL certificate common name in the Host Name field, etc."

Here's what I've done:
1. In IIS, under "Default website Properties" in "Directory Security", I've
    a. enabled anonymous access
    b. checked "Integrated Windows authentication"
    c. checked "Basic authentication"
    d. selected as the default domain "domain.local" from the domain list

2. Under IP address and domain restrictions, I've allowed all computers access.

3. I've copied the certificate that comes with Outlook Web Access in my computer browser to the Treo and installed it.

Thanks in advance for your help.

Joe

0
dekroon
Asked:
dekroon
  • 6
  • 4
  • 3
  • +1
2 Solutions
 
mrodriquesCommented:
The Exchange Server name in your ActiveSync settings is different from the one required to establish a Secure Sockets Layer (SSL) connection. Correct the Exchange Server name and try to sync again. If you sync on a schedule, sync has been changed from scheduled to manual.
0
 
ari24Commented:
Your SSL certificate is probably set up incorrectly.
A common error is as follows:
Your servers actual name is exchange.domain.com but your servers name to the outside world is somethingelse.domain.com
If the SSL cert is issued to exchange.domain.com, it will fail with the error you are getting.
0
 
SembeeCommented:
This has nothing to do with your permissions.

Look at the certificate's common name.
If the name on the certificate says something like

mail.server.local

Then it will never work.

Step backwards.
Try OMA. From your desktop.
Does it work? Do you get any certificate prompts?

Simon.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
dekroonAuthor Commented:
I have the certificate on my desktop as a .cer file. What do I look at to determine the certificate's common name? Under "general", it says "issued to: www.domain.com" and "issued by: www.domain.com". Under "details" I have a bunch of fields with information. Where do I look?
0
 
dekroonAuthor Commented:
My server's name is "server.domain.com" and my exchange server is accessed via "http://www.domain.com/exchange"
0
 
ari24Commented:
Make sure your SSL cert is for domain.com and not for server.domain.com
0
 
SembeeCommented:
Using the information you have provided above, the certificate's common name is www.domain.com 
That is what you put in to the handheld.

ari24 - you are WRONG. If you have a certificate with the common name of domain.com then it will never work.

Certificates come in two types...
Host based - host.domain.com or wildcard - *.domain.com
Pocket PCs cannot cope with wildcard SSL certificates, so you have to use host based certificates.

Simon.
0
 
dekroonAuthor Commented:
Again - What do I look at to determine the certificate's common name?

Thanks.
0
 
dekroonAuthor Commented:
oops - didn't see your reply, Simon. So is the certificate a host-based certificate according to the info i gave?

Thanks.
0
 
ari24Commented:
If you created this yourself on a windows server, go to "certification authority", issued certificates, double click on the certificate you use and itll read "issed to" whatever domain name its issued to.
0
 
dekroonAuthor Commented:
I get an error when I attempt to open "certification authority":

"cannot manage certificate services. the specified service does not exist as an installed service"
0
 
SembeeCommented:
The best way to look at the certificate is through IIS Manager.
Look at the properties of the default web site, then choose Directory Security. Under Secure Communications will be "View Certificate". Click on that to see the certificate.

Simon.
0
 
dekroonAuthor Commented:
i'm installing the certificate service. Can you help me with configuration?

Thanks.
0
 
ari24Commented:
Theres an excellent article on that topic here: http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 6
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now