Exchange 2003 Direct Push SSL Certificate Problem

We recently installed Exchange 2003 SP2 on Windows Server 2003 Standard. We would like to use ActiveSync with Direct Push, but have a question about SSL certificates. Our internal DNS is int-tfchurch.org, so I created a trial certificate through Verisign with the name of the mail server and our internal domain name (server.int-company.org). The problem is our end users access OWA and sync their phones to mail.company.org. It's the same server; it just has a different domain mapping on the outside. Now our phones give us the following error messages: 1. SERVER CERTIFICATE DOMAIN DOES NOT MATCH SERVER 2. SSL CERTIFICATE IS NOT TRUSTED UPDATE TRUSTED ROOT LIST.
Asked by: trinityfellowship
 
czcdct commented:
Hopefully someone will jump in here but I think I'm right in saying that the trial cert is deliberately untrusted in the Verisign chain.
Test this without SSL enabled and if it's all OK get the proper Verisign one purchased and running.
 
czcdct commented:
Yes, the certificate must say "Mail.company.org". This is non-negotiable. It doesn't matter what the NetBIOS or AD FQDN of the server is, it's the external DNS name that matters.
 
trinityfellowship (author) commented:
OK, I requested a new trial certificate from Verisign for mail.company.org (external DNS). On my Treo 650 I get the following error: There was a problem syncing messages.  SSL Error:  No trusted root Update certificate authority list.
 
Sembee commented:
Verisign's trial certificates are not trusted. That has burnt me before.
I don't think anyone has a trial certificate trusted by Windows Mobile. RapidSSL's trial certificate is trusted by Windows itself, but not Windows Mobile. Doesn't surprise me as the trusted certificate list on Windows Mobile is very small. You will either have to purchase a certificate that is trusted or import the root certificates.
Although you don't have to go to Verisign and be ripped off for an SSL certificate. There are many others available that are trusted by Windows Mobile.

Simon.
Question has a verified solution.
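
An added example, not part of the original thread: the two checks behind the phone's errors (certificate name versus the name the client connects to, and issuer versus the device's root list), run against the three certificates discussed above. The CA names, function names and the reduction of trust to a name lookup are assumptions made for illustration.

```python
# Added illustration: reproduces the two checks behind the phone's errors.
# Certificate dicts use the layout returned by ssl.SSLSocket.getpeercert().

def _names(cert):
    """DNS names a client compares against: SAN entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    """Case-insensitive match; '*' is allowed only as the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _issuer_cn(cert):
    return next((v for rdn in cert.get("issuer", ()) for k, v in rdn if k == "commonName"), None)

def diagnose(cert, host, device_roots):
    """Return the list of problems a client with `device_roots` would report."""
    problems = []
    if not any(_matches(n, host) for n in _names(cert)):
        problems.append("name_mismatch")
    # Simplification (assumption): trust is modelled as "issuer is a root in the
    # device store". Real clients verify signatures along the whole chain.
    if _issuer_cn(cert) not in device_roots:
        problems.append("untrusted_root")
    return problems

def make_cert(cn, issuer_cn):
    return {"subject": ((("commonName", cn),),),
            "issuer": ((("commonName", issuer_cn),),)}

# Constructed sample data; the CA names are placeholders, not real roots.
PHONE_ROOTS = {"Example Production Root CA"}
FIRST_TRIAL = make_cert("server.int-company.org", "Example Trial Root CA")
SECOND_TRIAL = make_cert("mail.company.org", "Example Trial Root CA")
PURCHASED = make_cert("mail.company.org", "Example Production Root CA")

if __name__ == "__main__":
    for label, cert in [("first trial", FIRST_TRIAL), ("second trial", SECOND_TRIAL),
                        ("purchased", PURCHASED)]:
        print(label, diagnose(cert, "mail.company.org", PHONE_ROOTS) or "ok")
```

Adding the trial root's name to the device set clears `untrusted_root` for the second trial certificate, which corresponds to the "import the root certificates" option mentioned in the last answer.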