SSL problem with Cingular using Exchange ActiveSync

We have Cingular wireless devices that connect through our Custom APN.  In this setup, we have phones and Sierra wireless modems that connect to Cingular's wireless data network.  Each device is assigned a static IP address.  We also have a Frame relay through Cingular that all wireless devices connect to our network via.  I have 5 IP addresses that I can use.  I am using one, 166.212.xxx.26, and then NATing it to my internal IP of 192.168.200.100.  This is an internal Citrix server.  That is working fine.

I am now setting up mobile device sync on my Blackjack.  I set up another NAT on my switch connected to Cingular's frame link that NATs the external IP of 166.212.xxx.30 to internal 192.168.200.110.  My syncing is working great without SSL.

I am now trying to set up syncing with SSL.  I am getting an error that says "your certificate does not match the name blah blah..."   The reason for this is because on my device, I am telling it that my mail server name is 166.212.xxx.30.  My server certificate is saying its name is companymailserver.com.

I am guessing that Cingular needs to put a host record on their DNS server that says 166.212.xxx.30 is companymailserver.com.  I can then plug that value vs the external IP address into my device and everything will be happy.  Am I correct?

Thanks
Asked by: chadd25

sppence commented:
You are correct that it is a DNS issue - you need to tell your device that the mail server is the FQDN that matches the certificate.

Whoever hosts your public DNS servers needs to add an entry with the FQDN of your mail server and its appropriate public IP.  If you're using a 3rd party to host your website, it is possible that whoever hosts your website is also hosting your DNS.  If you're hosting your own domain and run your own DNS, you'll need to make these changes to your own public DNS servers.  

(Whoever hosts your domain's public DNS is the one that needs to make the change - if Cingular happens to be the ones hosting your domain, then you'll need to contact them - otherwise, contact whoever is hosting your domain.  Other public DNS servers just forward your query to the authoritative DNS server for your public domain - it's the authoritative DNS server for your domain that needs to be updated.)
0
Sembee commented:
If your certificate is domain.com and not host.domain.com then you will have issues. SSL certificates are never issued to a domain, but to a specific host. The only exception is a wildcard certificate - but Windows Mobile 5.0 doesn't support that.
If it is your intention to use a commercial certificate with this deployment (and it should be) then you should be using a host.

Do you have your email delivered directly by SMTP? If so you should have a host for MX records. I usually use the same host for that. Makes the firewall rules simple as well.

Simon.
0
chadd25 (author) commented:
I ended up having to edit the registry of the Blackjack to make a host entry that maps to the FQDN that the certificate is assigned to.  Since there is no host file on the Blackjack, it has to be added to the registry.  hclm/comm/tcpip/host
0
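
The name check behind the "certificate does not match the name" error discussed in this thread, as an added example that is not part of any participant's post: it compares the server name typed into a client against the names a certificate presents, and goes beyond the thread's single case by also handling wildcard and IP-address entries. The certificate dict is constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and 203.0.113.30 is a documentation address standing in for the redacted public IP.

```python
import ipaddress

# Constructed sample: a certificate issued to the FQDN named in the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "companymailserver.com"),),),
    "subjectAltName": (("DNS", "companymailserver.com"),),
}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_names(cert):
    """Names the certificate presents: SAN entries, else the subject CN as a DNS name."""
    san = list(cert.get("subjectAltName", ()))
    if san:
        return san
    return [("DNS", v) for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(cert, configured):
    """True if the server name configured on the client is covered by the certificate."""
    for kind, value in cert_names(cert):
        if _is_ip(configured):
            # An IP literal can only match an IP-address SAN, never a DNS name.
            if kind == "IP Address" and \
                    ipaddress.ip_address(value) == ipaddress.ip_address(configured):
                return True
        elif kind == "DNS" and _dns_match(value, configured):
            return True
    return False

if __name__ == "__main__":
    for name in ("203.0.113.30", "companymailserver.com"):
        print(name, "->", "match" if name_matches(SAMPLE_CERT, name) else "MISMATCH")
```

Connecting by IP address fails the check even though the IP reaches the right server, which is why the fix in the thread is to make the certificate's FQDN resolve to that address (public DNS record or a local host entry) and configure the FQDN on the device.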
