Solved

Cerificates for ssl communication to exchange 2007

Posted on 2008-10-29
8
763 Views
Last Modified: 2012-05-05
hi all

i have certificates on my nokia N95 8Gb that i want on the exchange 2007 server to allow ssl communication for active sync, is it possible to copy a cert from the handheld to the exchange server and if so how, or do i have to purchase one of the same from the providers?

sorry i have been posting few questions on the matter and been quite vague in what i want - due to my lack of knowledge on the matter!! so any help appreciated!
0
Comment
Question by:meteorelec
  • 4
  • 4
8 Comments
 
LVL 3

Expert Comment

by:GibbsSupport
Comment Utility
You can either issue a certificate your self on your exchange 2007 server, then copy the certificate to your hand held device.

Or you can purchase a certificate from any major provider and install it on your 2007 server for active sync.

Mobile devices have a pretty limited root certificate database, you will most likely  have to export the root certificate of what ever you choose to do and import it to your mobile device.

Certificates are pretty complicated and you cant just take a random root certificate and from your phone and throw it on your exchange server. You have to have your exchange server create a certificate request. That request is sent to you certificate vendor and your certificate is created with some very specific information pertaining only to your server.

That is what makes is secure, your server is the only one with that specific certificate. Root Certificates just tell your device that, YES VENDOR A IS A VALID CERTIFICATE COMPANY and THEY ISSUED THIS SERVERS CERTIFICATE.

does that make since?
0
 
LVL 2

Author Comment

by:meteorelec
Comment Utility
but i thought the cert you issue from exchange does not work with active sync?

so what really is the point of the certificates on the mobile device? if you still need to export and import your own?



0
 
LVL 3

Accepted Solution

by:
GibbsSupport earned 500 total points
Comment Utility
You can use a self issued certificate but you have to export your cert to your mobile device, so your device can recognize it as a valid cert. the only certificates on your mobile devices are the Root Certificates.

Certificates on your phone don't actually secure anything. They just validate the Issued Certificate on the server/domain your phone is trying to communicate with. So when your phone contacts your exchange server, your exchange server says "My Certificate was issued from Vendor ABC, this Certificate is for mail.mydomain.com and is valid through 2050."

Your phone then checks to see if Vendor ABC is listed in its root certificates. if it is, your phone will allow you communication with mail.mydomain.com. If its not listed the phone will not validate the server and you will not be able to connect.
0
 
LVL 2

Author Comment

by:meteorelec
Comment Utility
oh, starting to understand!

ok , i know this is a seperate question, but do you know how to create the certificate on exchange
2007?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 3

Expert Comment

by:GibbsSupport
Comment Utility
Check this out
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

be sure to read up fully on exchange certs before you proceed. 2007 is very dependent on certificates and SSL.
0
 
LVL 2

Author Comment

by:meteorelec
Comment Utility
cheers GibbsSupport i have went a bit head first, will take a good read and attempt
0
 
LVL 2

Author Comment

by:meteorelec
Comment Utility
GibbsSupport, it states the below in the link yoou gave
             
 Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.


so do i have to go 3rd party?
0
 
LVL 3

Expert Comment

by:GibbsSupport
Comment Utility
you cant use the self signed, that is the cert that exchange creates when it's being installed you can still issue a certificate via your domains certificate authority or go 3rd party

check on this, i haven't used it in 2007 so i am not sure if they can work with it. but i have used them for 2003 and they are free.

http://www.startssl.com/

0

Featured Post

Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

Join & Write a Comment

Follow this checklist to learn more about the 15 things you should never include in an email signature from personal quotes, animated gifs and out-of-date marketing content.
By this time the large percentage of day-to-day transactions have shifted to mobile banking; here are some overriding areas QAs must investigate while testing mobile banking apps.  
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now