Exchange OMA is claiming my certificate is invalid on my Small Business Server

I purchased a GoDaddy Secure Certificate for my company back in February to install on our Exchange 2003 SP2 server.  I chose this certificate because I would not have to install a certificate on all the mobile devices that connect to Exchange.  Recently, I purchased this same GoDaddy certificate for another company's Small Business Server.  Their mobile devices are saying there is an issue with the server's security.  Webmail works fine without any certificate warnings, but any mobile (Exchange ActiveSync or OMA) is saying invalid certificate.  Any ideas?
ohmErnie
Asked:
 
dhoustonie Commented:
I had this issue before with GoDaddy and it proved to be the order that the certificates for GoDaddy were installed on the server to create the right certificate chain.
Check out these two links as they helped me resolve it:
http://www.amset.info/ssl/gd-root-install.asp
and
http://www.amset.info/ssl/wmerror.asp

HTH
David
 
ohmErnie (Author) Commented:
David,

I installed the intermediate cert to the correct folder and am still having issues.  I am also not seeing the four levels down like in the second link you sent.

I went into IIS and removed the cert completely and went to GoDaddy to perform a re-issue, but when doing so I get a message stating that this cert has already been installed on another system.  Basically I was trying to start from scratch.  I had to import my exported backup cert to get me at least working in a web browser.  OMA is still an issue.  How can I remove all the GoDaddy certs and try again...this may help now that I have these links.
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Sometimes you still need to install GoDaddy's root certificate on some mobile devices.

Please see the instructions for that at the bottom of https://certificates.godaddy.com/InstallationInstructions_alt.go

Jeff
TechSoEasy
 
ohmErnie (Author) Commented:
I have the certificate listed on my device.  I am using this same GoDaddy type of cert on another Exchange server for a different organization and it works on my phone. hmmm...
 
Jeffrey Kane - TechSoEasy (Principal Consultant) Commented:
Are you trying to connect the same phone to two separate Exchange Servers?  Because you can't do that.

Jeff
TechSoEasy
 
dhoustonie Commented:
What you can do is export the certificate that you use for IIS; this is the certificate you got from GoDaddy.
Go into IIS, select the Default Website, and go to Properties.
Go to Directory Security and, at the bottom of the page, select Server Certificate. Select Export in the next screen and follow the steps in the next few windows. This will allow you to back up your certificate, which is always a good thing.
One question: do you have ISA installed? This adds an extra layer of complexity.
If you do, go to a command prompt and type mmc.exe
This will open a blank management console.  File - Add/Remove Snap-ins and add the Certificates snap-in for the computer.
Go into Personal Certificates and right-click your GoDaddy cert, select All Tasks and Export. You want to export it with your private key so that you can install the cert on another server or a rebuilt server with no issues.

Once you have that and you are happy that you have it backed up and safe, you can then go in and delete all GoDaddy certs from the Trusted, Intermediate and Personal certificate stores, then download the GoDaddy trusted, intermediate certs from their site.
Then first install the trusted root cert: right-click Trusted Root certs, go to All Tasks and select Import.
Then do this for the intermediate and finally for your personal cert.
This should sort out your chaining issue.
As Jeff stated, you cannot run two Exchange connections to different servers at the same time on the one device.
Let me know if this helps resolve it.
David
 
ohmErnie (Author) Commented:
Jeff... I am only using the web browser to connect to the OMA site in question.  So I am only trying to connect to one.

David...I will give this a shot later tonight.
 
ohmErnie (Author) Commented:
David, your last post helped!  I removed all the previous certs in the 3 locations and re-imported in the appropriate order and it worked.  I am no longer prompted with an invalid certificate on my phone.  But, when I try to use Exchange ActiveSync, I get a 0x85010014 error...which is an improvement I guess.  I will see if I can resolve this one :) thanks!