Exchange 2003 Direct Push SSL Certificate Problem

Posted on 2007-08-06
Last Modified: 2009-01-28
We recently installed exchange 2003 sp2 on windows server 2003 standard.  We would like to use active sync with direct push, but have a question about ssl certificates.  Our internal DNS is so I created a trial certificate through verisign with the name of the mail server and our internal domain name (  The problem is our end users access OWA and sync their phones to  Its the same server it just has a different domain mapping on the outside.  Now our phones give us the following error messages: 1.  SERVER CERTIFICATE DOMAIN DOES NOT MATCH SERVER 2. SSL CERTIFICATE IS NOT TRUSTED UPDATE TRUSTED ROOT LIST.
Question by:trinityfellowship
    LVL 15

    Expert Comment

    Yes, the certificate must say "" This is non negotiable. It doesn't matter what the NetBIOS or AD FQDN of the server is, it's the external DNS name that matters.
    LVL 1

    Author Comment

    Ok, I requested a new trial certificate from Verisign for (external dns).  On my treo 650 I get the following error: There was a problem syncing messages.  SSL Error:  No trusted root Update certificate authority list.
    LVL 15

    Accepted Solution

    Hopefully someone will jump in here but I think I'm right in saying that the trial cert is deliberately untrusted in the Verisign chain.
    Test this without SSL enabled and if it's all OK get the proper Verisign one purchased and running.
    LVL 104

    Assisted Solution

    Verisign's trial certificates are not trusted. That has burnt me before.
    I don't think anyone has a trial certificate trusted by Windows Mobile. RapidSSL's trial certificate is trusted by Windows itself, but not Windows Mobile. Doesn't surprise me as the trusted certificate list on Windows Mobile is very small. You will either have to purchase a certificate that is trusted or import the root certificates.
    Although you don't have to go to Verisign and be ripped off for an SSL certificate. There are many others available that are trusted by Windows Mobile.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Get an idea of what you should include in an email disclaimer with these Top 5 email disclaimer tips.
    Use email signature images to promote corporate certifications and industry awards.
    To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    12 Experts available now in Live!

    Get 1:1 Help Now