bradl3y
asked on
palm treo, windows mobile 5, pocket outlook, error synchronizing
We previously had a self-signed certificate for owa. It had expired, so we purchased a cert from SSLGenie. We installed the cert and now owa now works fine. However, our mobile users are not having trouble connecting. This one in particular is using a Cingular Palm Treo with Windows Mobile 5.0. It is set up to use POP3, and in the settings for outgoing, it isnt set to use SSL, so not sure why the cert install would be effecting this. We get an "Error Synchronizing" for a split second before it says "Finished".
Is there anywhere i can go to view the details of the error?
Is there anywhere i can go to view the details of the error?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok, thanks for the link. It is already set up to receive by exchange (i didn't know that).
On the device, I am receviing the message "The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server.
Support Code: 0x80072F0D"
I can browse fine to it using Firefox, IE6, Opera, Safari 3 (Windows), and Google Chrome, without any security warnings.
One thing that just occurred to me, is that i am able to visit the site within our network, while it is resolving to a IP on our local network. Is an IP address part of the certificate? If so, how can I see what IP address it is using? Could the certificate have been requested with the local IP?
On the device, I am receviing the message "The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server.
Support Code: 0x80072F0D"
I can browse fine to it using Firefox, IE6, Opera, Safari 3 (Windows), and Google Chrome, without any security warnings.
One thing that just occurred to me, is that i am able to visit the site within our network, while it is resolving to a IP on our local network. Is an IP address part of the certificate? If so, how can I see what IP address it is using? Could the certificate have been requested with the local IP?
ASKER
Here is the details fo the error message provided by Cingular Support:
This issue occurs because an intermediate certification authority (CA) certificate is not present on the device or on the Exchange Server server with which you are synchronizing.
Windows Mobile-based devices do not generally contain intermediate CA certificates in their certificate store. Internet Information Services (IIS) will send the whole certificate chain to the device. However, IIS will do this only if it can verify the whole chain. By default, the device does not contain these certificates. Therefore, the server must send them. The device must contain only the root certificate in its certificate store.
Frequently, this issue occurs with GoDaddy certificates because either the root CA certificate or the intermediate CA certificate is missing from the certificate store on the server that is running Windows Server 2003.
Frequently, this issue occurs with VeriSign certificates because the intermediate CA certificate in the certificate store on the Windows Server 2003 server is expired.
So it seems the root certificate that would validate a cert from ssl genie is not on the device right? How would I obtain that root cert?
This issue occurs because an intermediate certification authority (CA) certificate is not present on the device or on the Exchange Server server with which you are synchronizing.
Windows Mobile-based devices do not generally contain intermediate CA certificates in their certificate store. Internet Information Services (IIS) will send the whole certificate chain to the device. However, IIS will do this only if it can verify the whole chain. By default, the device does not contain these certificates. Therefore, the server must send them. The device must contain only the root certificate in its certificate store.
Frequently, this issue occurs with GoDaddy certificates because either the root CA certificate or the intermediate CA certificate is missing from the certificate store on the server that is running Windows Server 2003.
Frequently, this issue occurs with VeriSign certificates because the intermediate CA certificate in the certificate store on the Windows Server 2003 server is expired.
So it seems the root certificate that would validate a cert from ssl genie is not on the device right? How would I obtain that root cert?
ASKER
Ok, I attempted to visit https://owa.myserver.tld/oma in my browser, and was presented with a security warning that the certificate was issued by a ca that i have not chosen to trust., then there were green check marks for the cert has not expired and the cert appears valid.
I have narrowed it down, it appears that the device currently doesnt trust sslgenie.com as a root authority. I am going to post a new question on how to configure it to trust the sslgenie.com certificates as the question is now much more direct, it should get more attention.
I have narrowed it down, it appears that the device currently doesnt trust sslgenie.com as a root authority. I am going to post a new question on how to configure it to trust the sslgenie.com certificates as the question is now much more direct, it should get more attention.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Maybe he had the POP3 account set up only for sending (come to think of it, his pop3 inbox was empty). When i go to "Tools > Options", only the POP3 account is listed.
Are exchange accounts set up somewhere else on the device?