Solved

SSL problem with Cingular using Exchange ActiveSync

Posted on 2007-03-19
Last Modified: 2013-12-09
We have Cingular wireless devices that connect through our Custom APN.  In this setup, we have phones and Sierra wireless modems that connect to Cingular's wireless data network.  Each device is assigned a static IP address.  We also have a Frame relay through Cingular that all wireless devices connect to our network via.  I have 5 IP addresses that I can use.  I am using one, 166.212.xxx.26 and then NATing it to my internal IP of 192.168.200.100.  This is an internal Citrix server.  That is working fine.

I am now setting up mobile device sync on my Blackjack.  I set up another NAT on my switch connected to Cingular's frame link that NATs the external IP of 166.212.xxx.30 to internal 192.168.200.110.  My syncing is working great without SSL.

I am now trying to set up syncing with SSL.  I am getting an error that says "your certificate does not match the name blah blah..."   The reason for this is because on my device, I am telling it that my mail server name is 166.212.xxx.30.  My server certificate is saying its name is companymailserver.com.

I am guessing that Cingular needs to put a host record on their DNS server that says 166.212.xxx.30 is companymailserver.com.  I can then plug that value vs the external IP address into my device and everything will be happy.  Am I correct???

Thanks
Question by:chadd25
3 Comments
 
Expert Comment

by:sppence
ID: 18750719
You are correct that it is a DNS issue - you need to tell your device that the mail server is the FQDN that matches the certificate.

Whoever hosts your public DNS servers needs to add an entry with the FQDN of your mail server and its appropriate public IP.  If you're using a 3rd party to host your website, it is possible that whoever hosts your website is also hosting your DNS.  If you're hosting your own domain and run your own DNS, you'll need to make these changes to your own public DNS servers.  

(Whoever hosts your domain's public DNS is the one that needs to make the change - if Cingular happens to be the ones hosting your domain, then you'll need to contact them - otherwise, contact whoever is hosting your domain.  Other public DNS servers just forward your query to the authoritative DNS server for your public domain - it's the authoritative DNS server for your domain that needs to be updated)
Expert Comment

by:Sembee
ID: 18752834
If your certificate is domain.com and not host.domain.com then you will have issues. SSL certificates are never issued to a domain, but to a specific host. The only exception is a wild card certificate - but Windows Mobile 5.0 doesn't support that.
If it is your intention to use a commercial certificate with this deployment (and it should be) then you should be using a host.

Do you have your email delivered directly by SMTP? If so you should have a host for MX records. I usually use the same host for that. Makes the firewall rules simple as well.

Simon.
Accepted Solution

by:
chadd25 earned 0 total points
ID: 20871943
I ended up having to edit the registry of the Blackjack to make a host entry that maps to the FQDN that the certificate is assigned to.  Since there is no host file on the Blackjack, it has to be added to the registry.  hclm/comm/tcpip/host
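
The name check behind the certificate error in this thread, as an added example that is not code from any of the posters: a simplified version of the matching a TLS client does between the server name typed into the device and the names in the certificate. The address 203.0.113.30 is a constructed stand-in for the masked public IP, the function names are hypothetical, and `allow_wildcard=False` models a client that does not accept wildcard certificates.

```python
import ipaddress


def _is_ip(name):
    """True when the configured server name is an IP literal, not a DNS name."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host, allow_wildcard):
    """Compare one certificate DNS name against the configured host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never zero or two
    if p[0] == "*":
        # Reject wildcards on clients that ignore them, and overly broad
        # patterns such as "*.com".
        if not allow_wildcard or len(p) < 3:
            return False
        return p[1:] == h[1:]
    return p == h


def name_matches(typed_server, dns_names, ip_names=(), allow_wildcard=True):
    """Decide whether the certificate is valid for what the user typed.

    typed_server: value entered as the mail server on the device
    dns_names:    DNS names in the certificate (subject CN / dNSName SANs)
    ip_names:     iPAddress SANs in the certificate, if any
    """
    if _is_ip(typed_server):
        # An IP literal is only ever compared against iPAddress entries;
        # it is never resolved back to a name and compared to DNS names.
        addr = ipaddress.ip_address(typed_server)
        return any(ipaddress.ip_address(i) == addr for i in ip_names)
    return any(_dns_match(d, typed_server, allow_wildcard) for d in dns_names)


if __name__ == "__main__":
    cert = ["companymailserver.com"]  # name on the certificate in the question
    for typed in ("203.0.113.30", "companymailserver.com"):
        print(typed, "->", "match" if name_matches(typed, cert) else "MISMATCH")
```

The match depends only on the string configured on the device, so any fix (public DNS record or a local host entry) works by letting the device use the certificate's FQDN instead of the IP.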