Exchange OMA is claiming my certificate is invalid on my Small Business Server

I purchased a GoDaddy Secure Certificate for my company back in February to install on our Exchange 2003 SP2 server.  I chose this certificate because I would not have to install a certificate on all the mobile devices that connect to Exchange.  Recently, I purchased this same GoDaddy certificate for another company's Small Business Server.  Their mobile devices are saying there is an issue with the server's security.  Webmail works fine without any certificate warnings, but any mobile (Exchange ActiveSync or OMA) is saying invalid certificate.  Any ideas?
ohmErnieAsked:
 
dhoustonieCommented:
What you can do is export the certificate that you use for IIS; this is the certificate you got from GoDaddy.
Go into IIS, select the Default Website, and go to properties.
Go to Directory Security and, at the bottom of the page, select Server Certificate. Select Export in the next screen and follow the steps in the next few windows. This will allow you to back up your certificate, which is always a good thing.
One question: do you have ISA installed? This adds an extra layer of complexity.
If you do, go to a command prompt and type mmc.exe
This will open a blank management console.  File - Add/Remove Snap-ins and add the Certificates snap-in for the computer.
Go into Personal Certificates and right-click your GoDaddy cert, select All Tasks and Export. You want to export it with your private key so that you can install the cert on another server or a rebuilt server with no issues.

Once you have that and you are happy that you have it backed up and safe, you can then go in and delete all GoDaddy certs from the Trusted, Intermediate and Personal certificate stores, then download the GoDaddy trusted and intermediate certs from their site.
Then first install the trusted root cert: right-click Trusted Root certs, go to All Tasks and select Import.
Then do this for the intermediate and finally for your personal cert.
This should sort out your chaining issue.
As Jeff stated you can not run two exchange connections to different servers at the same time on the one device.
Let me know if this helps resolve it.
David
0
 
dhoustonieCommented:
I had this issue before with GoDaddy and it proved to be the order that the certificates for GoDaddy were installed on the server to create the right certificate chain.
Check out these two links as they helped me resolve it:
http://www.amset.info/ssl/gd-root-install.asp
and
http://www.amset.info/ssl/wmerror.asp

HTH
David
0
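What the "chaining issue" in David's posts above means in practice, as an added example that is not part of the original thread. It uses the openssl command line rather than the Windows certificate stores, and builds a throwaway root, intermediate and server certificate (all names constructed) to show that the server certificate validates against the trusted root only when the intermediate is available.

```shell
#!/usr/bin/env bash
# Added example: constructed three-level chain; every name is a placeholder.

# Create root -> intermediate -> server certificates in directory $1.
build_chain() {
  local d=$1 n
  # CA extensions: root and intermediate must be marked CA:TRUE to issue certs.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  for n in root inter server; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root, then each level is signed by the one above it.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -set_serial 1 \
    -days 2 -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/inter.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/server.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
    -set_serial 3 -days 2 -out "$d/server.pem" 2>/dev/null || return 1
}

# chain_ok ROOT LEAF [INTERMEDIATE]: succeeds only if LEAF chains up to ROOT.
# The intermediate is passed as untrusted, the way a server would send it.
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  build_chain "$d" || { rm -rf "$d"; return 1; }
  if chain_ok "$d/root.pem" "$d/server.pem"; then
    echo "root only: chain verifies"
  else
    echo "root only: chain broken (intermediate missing)"
  fi
  if chain_ok "$d/root.pem" "$d/server.pem" "$d/inter.pem"; then
    echo "root + intermediate: chain verifies"
  fi
  rm -rf "$d"
}
demo
```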
 
ohmErnieAuthor Commented:
David,

I installed the intermediate cert to the correct folder and am still having issues.  I am also not seeing the four levels down like in the second link you sent.

I went into IIS and removed the cert completely and went to GoDaddy to perform a re-issue, but when doing so I get a message stating that this cert has already been installed on another system.  Basically I was trying to start from scratch.  I had to import my exported backup cert to get me at least working in a web browser.  OMA is still an issue.  How can I remove all the GoDaddy certs and try again...this may help now that I have these links.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Sometimes you still need to install GoDaddy's root certificate on some mobile devices.

Please see the instructions for that at the bottom of https://certificates.godaddy.com/InstallationInstructions_alt.go

Jeff
TechSoEasy
0
 
ohmErnieAuthor Commented:
I have the certificate listed on my device.  I am using this same GoDaddy type of cert on another Exchange server for a different organization and it works on my phone. hmmm...
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Are you trying to connect the same phone to two separate Exchange Servers?  Because you can't do that.

Jeff
TechSoEasy
0
 
ohmErnieAuthor Commented:
Jeff... I am only using the web browser to connect to the OMA site in question.  So I am only trying to connect to one.

David...I will give this a shot later tonight.
0
 
ohmErnieAuthor Commented:
David, your last post helped!  I removed all the previous certs in the 3 locations and re-imported in the appropriate order and it worked.  I am no longer prompted with an invalid certificate on my phone.  But, when I try to use Exchange ActiveSync, I get a 0x85010014 error...which is an improvement I guess.  I will see if I can resolve this one :) thanks!
0
Question has a verified solution.
