[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 784
  • Last Modified:

Exchange 2003 Direct Push SSL Certificate Problem

We recently installed exchange 2003 sp2 on windows server 2003 standard.  We would like to use active sync with direct push, but have a question about ssl certificates.  Our internal DNS is int-tfchurch.org so I created a trial certificate through verisign with the name of the mail server and our internal domain name (server.int-company.org).  The problem is our end users access OWA and sync their phones to mail.company.org.  Its the same server it just has a different domain mapping on the outside.  Now our phones give us the following error messages: 1.  SERVER CERTIFICATE DOMAIN DOES NOT MATCH SERVER 2. SSL CERTIFICATE IS NOT TRUSTED UPDATE TRUSTED ROOT LIST.
0
trinityfellowship
Asked:
trinityfellowship
  • 2
2 Solutions
 
czcdctCommented:
Yes, the certificate must say "Mail.company.org" This is non negotiable. It doesn't matter what the NetBIOS or AD FQDN of the server is, it's the external DNS name that matters.
0
 
trinityfellowshipAuthor Commented:
Ok, I requested a new trial certificate from Verisign for mail.company.org (external dns).  On my treo 650 I get the following error: There was a problem syncing messages.  SSL Error:  No trusted root Update certificate authority list.
0
 
czcdctCommented:
Hopefully someone will jump in here but I think I'm right in saying that the trial cert is deliberately untrusted in the Verisign chain.
Test this without SSL enabled and if it's all OK get the proper Verisign one purchased and running.
0
 
SembeeCommented:
Verisign's trial certificates are not trusted. That has burnt me before.
I don't think anyone has a trial certificate trusted by Windows Mobile. RapidSSL's trial certificate is trusted by Windows itself, but not Windows Mobile. Doesn't surprise me as the trusted certificate list on Windows Mobile is very small. You will either have to purchase a certificate that is trusted or import the root certificates.
Although you don't have to go to Verisign and be ripped off for an SSL certificate. There are many others available that are trusted by Windows Mobile.

Simon.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now