eshara55
asked on
Changing my SSL certificate to get Activesync to work
I'm somewhat new to this area, but I know enough to get by. I recently tried to configure my Treo to use activesync with my exchange server. We have an SSL in place where the common name of the domain in the SSL is different from the actual domain. If I wanted to get a new certificate, how do I go about it.
What I was doing, was going to the IIS under the default website and removing the current certificate and making a new request. I had a site to get one for free by copying the request text and everything was going good, but I couldn't get the confirmation email because with the certificate removed, I couldn't get my email.
Can anyone tell me the best steps to get this done. I have a bunch of people with the Treo's and can't sync.
Also, I tried a cert with godaddy.com, but I then find out that our domain has the wrong admin listed in the whois database, which is a whole differnt problem i'm now working on.
What I was doing, was going to the IIS under the default website and removing the current certificate and making a new request. I had a site to get one for free by copying the request text and everything was going good, but I couldn't get the confirmation email because with the certificate removed, I couldn't get my email.
Can anyone tell me the best steps to get this done. I have a bunch of people with the Treo's and can't sync.
Also, I tried a cert with godaddy.com, but I then find out that our domain has the wrong admin listed in the whois database, which is a whole differnt problem i'm now working on.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you browse to https://servername.domain.com/oma on the device then you will get the certificate prompt.
That will tell you which element is failing.
Furthermore, if the problem is with the certificate itself, as opposed to certificate support, then you could browse to the same address on a desktop and get a similar error.
The common name that you applied for in the certificate needs to match the name that you are giving to the users, BUT does NOT have to match the server's real name.
So the server could be called exchsvr01.domain.local but you are giving the users mail.domain.com
It is the mail.domain.com that would be the common name of the certificate.
Simon.
That will tell you which element is failing.
Furthermore, if the problem is with the certificate itself, as opposed to certificate support, then you could browse to the same address on a desktop and get a similar error.
The common name that you applied for in the certificate needs to match the name that you are giving to the users, BUT does NOT have to match the server's real name.
So the server could be called exchsvr01.domain.local but you are giving the users mail.domain.com
It is the mail.domain.com that would be the common name of the certificate.
Simon.
ASKER
Here's what I got...
Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.
I'm on 2003?????
Outlook(R) Mobile Access is supported only on Microsoft(R) Exchange Server 2003. Currently your mailbox is stored on an older version of Exchange server. Please contact your system administrator for additional assistance.
I'm on 2003?????
Check out this article, and the one that it links to.
http://support.microsoft.com/default.aspx?kbid=839288
Simon.
http://support.microsoft.com/default.aspx?kbid=839288
Simon.
ASKER
With the original cert, the sync error is telling me I have a differnt host name than common name???
Is there a step I am doing wrong???