Changing my SSL certificate to get Activesync to work

Posted on 2006-06-04
Last Modified: 2008-03-17
I'm somewhat new to this area, but I know enough to get by.  I recently tried to configure my Treo to use ActiveSync with my Exchange server.  We have an SSL in place where the common name of the domain in the SSL is different from the actual domain.  If I wanted to get a new certificate, how do I go about it?

What I was doing, was going to the IIS under the default website and removing the current certificate and making a new request.  I had a site to get one for free by copying the request text and everything was going good, but I couldn't get the confirmation email because with the certificate removed, I couldn't get my email.  

Can anyone tell me the best steps to get this done?  I have a bunch of people with Treos who can't sync.

Also, I tried a cert with, but I then found out that our domain has the wrong admin listed in the whois database, which is a whole different problem I'm now working on.
Question by: eshara55

    Accepted Solution

    It doesn't matter what the name on the certificate is, as long as it is the same name that you enter into the device and it resolves correctly.

    I actually recommend using a different name on the certificate to the server's real name.
    For example the server could be server1.domain.local but the certificate has the common name of - and resolves to the Exchange server.
    If you have MX records in place already to point at the Exchange server then there is nothing to stop you from using the same name for your SSL certificate. I do that all the time.

    Removing the certificate should not have stopped you from receiving your email, unless you are trying to get the email via OWA, OMA, EAS or RPC over HTTPS. If you are using regular Outlook then you should be able to collect email.

    However, the problem with your Treos could be the lack of a root certificate. If you are using any of the low cost/free certificates then the root certificate will not be installed on the device. This means the device will not accept the certificate on the server. You will need to get the root certificate on to the device so that your own certificate is trusted by the handheld.

    Try a certificate from RapidSSL. You will still need the root certificate, but it isn't a chained certificate like some of the other low end certificates making the deployment much easier. I have guidance on getting the root certificate on to the device on my web site:


    Author Comment

    Ok, so I got the new cert from RapidSSL and installed it.  When trying to do a sync, I got a different error message.  Told me I have an invalid certificate installed.  I installed the root on the Treo as well.  Also, with the new cert, I was not able to get into my public Exchange folders through the System Manager.  That as well said I had an invalid cert.

    With the original cert, the sync error is telling me I have a different host name than common name???

    Is there a step I am doing wrong???

    Expert Comment

    If you browse to on the device then you will get the certificate prompt.
    That will tell you which element is failing.
    Furthermore, if the problem is with the certificate itself, as opposed to certificate support, then you could browse to the same address on a desktop and get a similar error.

    The common name that you applied for in the certificate needs to match the name that you are giving to the users, BUT does NOT have to match the server's real name.

    So the server could be called exchsvr01.domain.local but you are giving the users
    It is the that would be the common name of the certificate.
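
The two failure modes discussed in this thread (name mismatch versus a root the handheld does not trust) can be told apart with a small check. This is an added example, not part of the original thread; `mail.example.com`, the CA names and the trust-store contents are constructed, and trust is modelled as an issuer-name lookup rather than real signature verification.

```python
# Added example. Certificate dicts use the shape returned by ssl.getpeercert().

def cert_names(cert):
    """Names a client matches against: SAN dNSName entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one left-most '*' label standing for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def issuer_cn(cert):
    return next((v for rdn in cert.get("issuer", ()) for k, v in rdn
                 if k == "commonName"), None)

def diagnose(cert, name_on_device, device_roots):
    """Report which element fails for the name the user typed into the device."""
    problems = []
    if not any(name_matches(n, name_on_device) for n in cert_names(cert)):
        problems.append("name-mismatch")      # "different host name than common name"
    if issuer_cn(cert) not in device_roots:   # simplification: lookup by issuer name
        problems.append("untrusted-issuer")   # root certificate missing on the handheld
    return problems

# Constructed sample data (hypothetical names, not taken from the thread).
CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("commonName", "Example Root CA"),),),
}
TREO_ROOTS = {"Some Preinstalled Root"}

if __name__ == "__main__":
    # The public name matches the CN; the server's internal name does not.
    for name in ("mail.example.com", "exchsvr01.domain.local"):
        print(name, diagnose(CERT, name, TREO_ROOTS))
    print("after root import:",
          diagnose(CERT, "mail.example.com", TREO_ROOTS | {"Example Root CA"}))
```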


    Author Comment

    Here's what I got...

    Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.

    I'm on 2003?????

    Expert Comment

    Check out this article, and the one that it links to.

