aucklandnz
asked on
windows mobile sync problem (certificate is not valid)
Hi All,
I was trying to install certificate (issued by godaddy) on my treo750v using spaddcert but im getting error "This certificate is not valid root certificate. Please select a valid root certificate"
The i have added the certificate using .cab file. It appears under root certificates but i still cannot syn with my exchange.
im running exchange 2003sp2 and iis6.
treo is running windows mobile version 5
thanks
Ps i was able to syn before with self signed certificate but i had to buy one from godaddy as i have upgraded my laptop to vista and i could not sync my outlook over rpc/https. after i bought certificate from godaddy i could sync my outlook on my vista machine but now i cannot sync my mobile.
please help
Thanks
I was trying to install certificate (issued by godaddy) on my treo750v using spaddcert but im getting error "This certificate is not valid root certificate. Please select a valid root certificate"
The i have added the certificate using .cab file. It appears under root certificates but i still cannot syn with my exchange.
im running exchange 2003sp2 and iis6.
treo is running windows mobile version 5
thanks
Ps i was able to syn before with self signed certificate but i had to buy one from godaddy as i have upgraded my laptop to vista and i could not sync my outlook over rpc/https. after i bought certificate from godaddy i could sync my outlook on my vista machine but now i cannot sync my mobile.
please help
Thanks
ASKER
do i have to create .cab from intermidiate certificate follow your steps www.amset.info/pocketpc/certificates3.asp
ASKER
when i purchasede ssl from godaddy they have sent me two certificates
1. mydomain.com.crt
2. gd_iis_intermidiates.p7b
1. mydomain.com.crt
2. gd_iis_intermidiates.p7b
If you open the second file you will have two additional certificates.
One needs to go in to the intermediate certificate store on the server, the other in to the root store.
GoDaddy Class 2 in the root
GoDaddy Secure in the intermediate.
As long as the valicert is in the root certificates on the Windows Mobile device there is nothing to install on the device - it is all server.
Simon.
One needs to go in to the intermediate certificate store on the server, the other in to the root store.
GoDaddy Class 2 in the root
GoDaddy Secure in the intermediate.
As long as the valicert is in the root certificates on the Windows Mobile device there is nothing to install on the device - it is all server.
Simon.
ASKER
thanks for the reply,
Im a bit confused.
I opened the gd_iis_intermidiates.p7b in certmgr.
what do i have to do with 2 files that are there?
Thnkas
Im a bit confused.
I opened the gd_iis_intermidiates.p7b in certmgr.
what do i have to do with 2 files that are there?
Thnkas
You need to right click on them and save them out to separate files. Make sure that they are saved as .cer files. Once you have saved them both out, you can double click on them to see which one is which.
Simon.
Simon.
ASKER
after i save them, do i have to install them on the server and mobile device ?
Thanks
Thanks
Only the server, not the device.
The whole point of using these certificates is so that you don't have to install anything on the device.
Simon.
The whole point of using these certificates is so that you don't have to install anything on the device.
Simon.
ASKER
what should i save them as ?
thanks
thanks
Doesn't really matter. You are going to be importing the files, so once they have been saved you can dispose of the files or store them somewhere. I think I called mine root and intermediate so I knew which was which.
Simon.
Simon.
ASKER
still doesnt work, i have restared IIS and my mobile.
on my mobile im getting the following error
0x80072F0D
cheers
on my mobile im getting the following error
0x80072F0D
cheers
If you browse to the site in Internet Explorer on the desktop, double click on the yellow shield icon, then choose Certificate path, you should see four steps. If you only see three then you have one of the certificates wrong.
I am writing my own guide for the installation of these certificates at the moment, but been a little busy with clients.
Simon.
I am writing my own guide for the installation of these certificates at the moment, but been a little busy with clients.
Simon.
ASKER
all i see is a lock. when i click on it i get
Website identification
godaddy calss 2 certification authority
mymailserver.mydomain.com
This connection to the server is encrytpted
should i trust this site?
view certificates
thanks
Website identification
godaddy calss 2 certification authority
mymailserver.mydomain.com
This connection to the server is encrytpted
should i trust this site?
view certificates
thanks
That sounds you are looking on the Windows Mobile device - I meant Internet Explorer on the desktop. You should have three tabs - certificate path is the the third tab.
Simon.
Simon.
ASKER
i used my desktop computer
I have articles in progress on installing the GoDaddy certificates.
However I do have some screenshots on my web site of working and non-working certificate installations.
http://www.amset.info/ssl/wmerror.asp
Simon.
However I do have some screenshots on my web site of working and non-working certificate installations.
http://www.amset.info/ssl/wmerror.asp
Simon.
ASKER
i have 4 steps
1.VeliCert Class 2 Policy Validation Authority
1.1 Go Daddy Class 2 Certification Authority
1.2 Go Daddy Secure Certification Authority
1.3 Mymailserver.mydomain.com
1.VeliCert Class 2 Policy Validation Authority
1.1 Go Daddy Class 2 Certification Authority
1.2 Go Daddy Secure Certification Authority
1.3 Mymailserver.mydomain.com
Not entirely sure that the top certificate is correct.
That should be a Starfield certificate if the Go Daddy certificate has been issued since February 2007.
Simon.
That should be a Starfield certificate if the Go Daddy certificate has been issued since February 2007.
Simon.
ASKER
so what should i do now, reinstall certificate ?
It isn't your certificate that is wrong - it is the root certificate.
Did you use the certificates that came with your certificate, or did you download them from the repository web site?
Simon.
Did you use the certificates that came with your certificate, or did you download them from the repository web site?
Simon.
ASKER
cant realy remember
Do you still have the files that were sent to you by the certificate issuer?
You have should have had two - you own certificate file and the root/intermediate bundle.
This is their repository: https://certificates.godaddy.com/Repository.go
The one you want is "Go Daddy PKCS7 Certificate Intermediates Bundle (for Windows IIS) "
Download that and open it up. Inside is two certificates. Save the one issued by valicert as the root and the other one as the intermediate.
Then import them in to the relevant certificate stores.
Simon.
You have should have had two - you own certificate file and the root/intermediate bundle.
This is their repository: https://certificates.godaddy.com/Repository.go
The one you want is "Go Daddy PKCS7 Certificate Intermediates Bundle (for Windows IIS) "
Download that and open it up. Inside is two certificates. Save the one issued by valicert as the root and the other one as the intermediate.
Then import them in to the relevant certificate stores.
Simon.
ASKER
still not working :(
I would remove the certificates that you have installed and and reinstall them.
Also ensure that you are working in the correct context for the certificates when you start the Certificate MMC applet - it should be the local computer.
Simon.
Also ensure that you are working in the correct context for the certificates when you start the Certificate MMC applet - it should be the local computer.
Simon.
ASKER
i have unistalled cerificates and installed it again and now, nothing is working even web access.
ASKER
when i right click on my default web site and then click on security tab and server certificate i have option create new certificate. what do i do now ?
Thanks
Thanks
ASKER
i got my OWA working but my mobile doesnt sync . now i have a different error code
0x85030022
thanks
0x85030022
thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Forced accept.
Computer101
EE Admin
Computer101
EE Admin
That can only be done with a cabinet file - not with the spaddcert tool.
Simon.