SSL problem with Cingular using Exchange ActiveSync

We have Cingular wireless devices that connect through our Custom APN.  In this setup, we have phones and Sierra wireless modems that connect to Cingular's wireless data network.  Each device is assigned a static IP address.  We also have a Frame relay through Cingular that all wireless devices connect to our network via.  I have 5 IP addresses that I can use.  I am using one, 166.212.xxx.26 and then NATing it to my internal IP of 192.168.200.100.  This is an internal Citrix server.  That is working fine.

I am now setting up mobile device sync on my Blackjack.  I set up another NAT on my switch connected to Cingular's frame link that NATs the external IP of 166.212.xxx.30 to internal 192.168.200.110.  My syncing is working great without SSL.

I am now trying to set up syncing with SSL.  I am getting an error that says "your certificate does not match the name blah blah..."   The reason for this is because on my device, I am telling it that my mail server name is 166.212.xxx.30.  My server certificate is saying its name is companymailserver.com.

I am guessing that Cingular needs to put a host record on their DNS server that says 166.212.xxx.30 is companymailserver.com.  I can then plug that value vs the external IP address into my device and everything will be happy.  Am I correct???

Thanks
Asked by: chadd25

sppence Commented:
You are correct that it is a DNS issue - you need to tell your device that the mail server is the FQDN that matches the certificate.

Whoever hosts your public DNS servers needs to add an entry with the FQDN of your mail server and its appropriate public IP.  If you're using a 3rd party to host your website, it is possible that whoever hosts your website is also hosting your DNS.  If you're hosting your own domain and run your own DNS, you'll need to make these changes to your own public DNS servers.  

(Whoever hosts your domain's public DNS is the one that needs to make the change - if Cingular happens to be the ones hosting your domain, then you'll need to contact them - otherwise, contact whoever is hosting your domain.  Other public DNS servers just forward your query to the authoritative DNS server for your public domain - it's the authoritative DNS server for your domain that needs to be updated.)
 
Sembee Commented:
If your certificate is domain.com and not host.domain.com then you will have issues. SSL certificates are never issued to a domain, but to a specific host. The only exception is a wild card certificate - but Windows Mobile 5.0 doesn't support that.
If it is your intention to use a commercial certificate with this deployment (and it should be) then you should be using a host.

Do you have your email delivered directly by SMTP? If so you should have a host for MX records. I usually use the same host for that. Makes the firewall rules simple as well.

Simon.
 
chadd25 (Author) Commented:
I ended up having to edit the registry of the Blackjack to make a host entry that maps to the FQDN that the certificate is assigned to.  Since there is no host file on the Blackjack, it has to be added to the registry.  hclm/comm/tcpip/host
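
The name check behind the error in this thread, as an added example that is not part of any poster's reply: a simplified RFC 6125-style comparison of the name the client dials against the names in the server certificate, with a switch for clients that reject wildcards. The function names are hypothetical, `203.0.113.30` is a constructed stand-in for the masked public address, and the `example.com` names are constructed.

```python
import ipaddress

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host, allow_wildcard=True):
    """Compare one certificate DNS name with the name the client dialed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if p[0] == "*":
        # A wildcard covers exactly one left-most label and needs >= 3 labels.
        return (allow_wildcard and len(p) >= 3
                and len(p) == len(h) and p[1:] == h[1:])
    return p == h

def check_server_name(dialed, dns_names, ip_sans=(), allow_wildcard=True):
    """Return (ok, reason) the way a strict TLS client decides."""
    if is_ip(dialed):
        # An IP literal is compared only with IP address entries, never DNS names.
        addr = ipaddress.ip_address(dialed)
        if any(addr == ipaddress.ip_address(i) for i in ip_sans):
            return True, "matched IP address entry"
        return False, "IP dialed, certificate only names " + ", ".join(dns_names)
    for pattern in dns_names:
        if dns_name_matches(pattern, dialed, allow_wildcard):
            return True, "matched " + pattern
    return False, "no certificate name matches " + dialed

if __name__ == "__main__":
    cert = ["companymailserver.com"]          # name from the question
    for dialed in ("203.0.113.30", "companymailserver.com"):
        print(dialed, check_server_name(dialed, cert))
    # Wildcard certificate against a client without wildcard support.
    print(check_server_name("mail.example.com", ["*.example.com"],
                            allow_wildcard=False))
```

The same IP address passes or fails depending only on which string the client was configured with, which is why making the FQDN resolvable (public DNS or a local host entry) clears the error without touching the certificate.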