Expired Self-Issued Certificate

I have Exchange 2003 SP2 running OWA with a self-issued certificate from the CA running on the local Exchange Server.  It was valid for 2004-2006 and expired a few months ago.  This normally doesn't matter, we just use it for internal SSL for OWA.  

I'm now setting up Microsoft Direct Push, and I got it to work unsecured http.  I want to secure the data between the mobile devices and the server by using SSL, but the mobile devices don't like our expired certificate.  I recently revoked the certificate to create a new one.  

I created a dummy site in IIS, and went through the wizard to create a new certificate, but it hasn't shown up anywhere yet.

Please advise on the best technique for me to run our OWA and Exchange Active Sync under a non-expired Cert so I can continue my project.

Just for sport, I was given a Thanksgiving deadline yesterday on implementing Direct Push for Mobile devices for the company so the boss can see how well it works.

LVL 4
dempsedmAsked:
Who is Participating?
 
jar3817Connect With a Mentor Commented:
Buy a real cert from a trusted authority. I could be wrong, but I've heard you need a trusted cert for direct push (and rpc over https) to work properly. You can get one for $20/yr at godaddy.com.
0
 
dempsedmAuthor Commented:
I may consider this, but for testing purposes was hoping to use my own.
0
 
dempsedmAuthor Commented:
Also, I have used RPC over https with self cert.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
dempsedmAuthor Commented:
To clarify, you do need a trusted cert, but you can add your own to be trusted.  Some are already "pre-trusted" from verisign, etc.  I have installed the cert properly to the device, but it expired a few months ago.
0
 
dlangrConnect With a Mentor Commented:
see http://www.isaserver.org/tutorials/2004owafba.html for a good explanation of how to use your own self-signed certificate, you can leave out the isa part if you don't use it.

If you are using self-signed certificates you usually have to edit the registry of the mobile devices to allow importing self signed certificates or use a tool like http://www.jacco2.dds.nl/networking/pfximprt.html#Using_pfximprt
0
 
deaditeConnect With a Mentor Commented:
If you want to setup SSL (for free) you can create your own SA, generate the cert request, then have your CA make the cert.  Here is a simple step by step direction to do this:
http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

In addition, you will probably want to automatically redirect HTTP traffic to use HTTPS.  For instance, if you enter http://server/exchange it will forward it to https://server/exchange.  Here is an MS article outlining this:
http://support.microsoft.com/kb/839357

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.