Solved

SSL problem with Cingular using Exchange ActiveSync

Posted on 2007-03-19
Last Modified: 2013-12-09
We have Cingular wireless devices that connect through our Custom APN.  In this setup, we have phones and Sierra wireless modems that connect to Cingular's wireless data network.  Each device is assigned a static IP address.  We also have a Frame relay through Cingular that all wireless devices connect to our network via.  I have 5 IP addresses that I can use.  I am using one, 166.212.xxx.26 and then NATing it to my internal IP of 192.168.200.100.  This is an internal Citrix server.  That is working fine.

I am now setting up mobile device sync on my Blackjack.  I set up another NAT on my switch connected to Cingular's frame link that NATs the external IP of 166.212.xxx.30 to internal 192.168.200.110.  My syncing is working great without SSL.

I am now trying to set up syncing with SSL.  I am getting an error that says "your certificate does not match the name blah blah..."   The reason for this is because on my device, I am telling it that my mail server name is 166.212.xxx.30.  My server certificate is saying its name is companymailserver.com.

I am guessing that Cingular needs to put a host record on their DNS server that says 166.212.xxx.30 is companymailserver.com.  I can then plug that value vs the external IP address into my device and everything will be happy.  Am I correct???

Thanks
Question by:chadd25
3 Comments
 
LVL 3

Expert Comment

by:sppence
ID: 18750719
You are correct that it is a DNS issue - you need to tell your device that the mail server is the FQDN that matches the certificate.

Whoever hosts your public DNS servers needs to add an entry with the FQDN of your mail server and its appropriate public IP.  If you're using a 3rd party to host your website, it is possible that whoever hosts your website is also hosting your DNS.  If you're hosting your own domain and run your own DNS, you'll need to make these changes to your own public DNS servers.  

(Whoever hosts your domain's public DNS is the one that needs to make the change - if Cingular happens to be the ones hosting your domain, then you'll need to contact them - otherwise, contact whoever is hosting your domain.  Other public DNS servers just forward your query to the authoritative DNS server for your public domain - it's the authoritative DNS server for your domain that needs to be updated)
 
LVL 104

Expert Comment

by:Sembee
ID: 18752834
If your certificate is domain.com and not host.domain.com then you will have issues. SSL certificates are never issued to a domain, but to a specific host. The only exception is a wild card certificate - but Windows Mobile 5.0 doesn't support that.
If it is your intention to use a commercial certificate with this deployment (and it should be) then you should be using a host.

Do you have your email delivered directly by SMTP? If so you should have a host for MX records. I usually use the same host for that. Makes the firewall rules simple as well.

Simon.
 
LVL 1

Accepted Solution

by:
chadd25 earned 0 total points
ID: 20871943
I ended up having to edit the registry of the Blackjack to make a host entry that maps to the FQDN that the certificate is assigned to.  Since there is no host file on the Blackjack, it has to be added to the registry.  hclm/comm/tcpip/host
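
Added example, not part of the original thread or any poster's code: a Python sketch of the name check a TLS client performs, showing why a server configured by IP address fails against a certificate issued to companymailserver.com and passes once the device uses that name. The address 203.0.113.30 is a constructed stand-in for the elided NAT address, example.com names are constructed, and the `allow_wildcard` switch is a hypothetical parameter modelling a client that rejects wildcard certificates, as described above for Windows Mobile 5.0.

```python
import ipaddress

def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def _dns_match(pattern, host, allow_wildcard):
    """Compare one certificate DNS name against the configured host name."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if not allow_wildcard:
        return False  # models a client that rejects wildcard certificates
    # Wildcard must be the whole leftmost label and stands for exactly one label.
    if p[0] != "*" or any("*" in label for label in p[1:]) or len(p) < 3:
        return False
    return len(p) == len(h) and p[1:] == h[1:] and h[0] != ""

def name_matches(configured_server, dns_names, ip_sans=(), allow_wildcard=True):
    """True if the server name typed into the device is covered by the certificate.

    configured_server: what the client was told to connect to (name or IP).
    dns_names: DNS names in the certificate (subjectAltName dNSName or CN).
    ip_sans: IP addresses listed in the certificate, if any.
    """
    target = _as_ip(configured_server)
    if target is not None:
        # An IP literal is only compared with IP entries, never with DNS names,
        # so a DNS record or hosts entry alone does not help a client set to an IP.
        return any(_as_ip(s) == target for s in ip_sans)
    return any(_dns_match(n, configured_server, allow_wildcard) for n in dns_names)

if __name__ == "__main__":
    cert_names = ["companymailserver.com"]   # certificate name from the thread
    nat_ip = "203.0.113.30"                  # constructed documentation address
    print("device set to IP:  ", name_matches(nat_ip, cert_names))
    print("device set to FQDN:", name_matches("companymailserver.com", cert_names))
    print("wildcard, strict client:",
          name_matches("mail.example.com", ["*.example.com"], allow_wildcard=False))
```

The host entry only changes how the name resolves; the check still passes solely because the device is now configured with the name the certificate carries.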