Solved

Cerificates for ssl communication to exchange 2007

Posted on 2008-10-29
8
766 Views
Last Modified: 2012-05-05
hi all

i have certificates on my nokia N95 8Gb that i want on the exchange 2007 server to allow ssl communication for active sync, is it possible to copy a cert from the handheld to the exchange server and if so how, or do i have to purchase one of the same from the providers?

sorry i have been posting few questions on the matter and been quite vague in what i want - due to my lack of knowledge on the matter!! so any help appreciated!
0
Comment
Question by:meteorelec
  • 4
  • 4
8 Comments
 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22830951
You can either issue a certificate your self on your exchange 2007 server, then copy the certificate to your hand held device.

Or you can purchase a certificate from any major provider and install it on your 2007 server for active sync.

Mobile devices have a pretty limited root certificate database, you will most likely  have to export the root certificate of what ever you choose to do and import it to your mobile device.

Certificates are pretty complicated and you cant just take a random root certificate and from your phone and throw it on your exchange server. You have to have your exchange server create a certificate request. That request is sent to you certificate vendor and your certificate is created with some very specific information pertaining only to your server.

That is what makes is secure, your server is the only one with that specific certificate. Root Certificates just tell your device that, YES VENDOR A IS A VALID CERTIFICATE COMPANY and THEY ISSUED THIS SERVERS CERTIFICATE.

does that make since?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22831096
but i thought the cert you issue from exchange does not work with active sync?

so what really is the point of the certificates on the mobile device? if you still need to export and import your own?



0
 
LVL 3

Accepted Solution

by:
GibbsSupport earned 500 total points
ID: 22831204
You can use a self issued certificate but you have to export your cert to your mobile device, so your device can recognize it as a valid cert. the only certificates on your mobile devices are the Root Certificates.

Certificates on your phone don't actually secure anything. They just validate the Issued Certificate on the server/domain your phone is trying to communicate with. So when your phone contacts your exchange server, your exchange server says "My Certificate was issued from Vendor ABC, this Certificate is for mail.mydomain.com and is valid through 2050."

Your phone then checks to see if Vendor ABC is listed in its root certificates. if it is, your phone will allow you communication with mail.mydomain.com. If its not listed the phone will not validate the server and you will not be able to connect.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22831233
oh, starting to understand!

ok , i know this is a seperate question, but do you know how to create the certificate on exchange
2007?
0
Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22832116
Check this out
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

be sure to read up fully on exchange certs before you proceed. 2007 is very dependent on certificates and SSL.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22833141
cheers GibbsSupport i have went a bit head first, will take a good read and attempt
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22833236
GibbsSupport, it states the below in the link yoou gave
             
 Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.


so do i have to go 3rd party?
0
 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22833294
you cant use the self signed, that is the cert that exchange creates when it's being installed you can still issue a certificate via your domains certificate authority or go 3rd party

check on this, i haven't used it in 2007 so i am not sure if they can work with it. but i have used them for 2003 and they are free.

http://www.startssl.com/

0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Find out what you should include to make the best professional email signature for your organization.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now