Solved

Cerificates for ssl communication to exchange 2007

Posted on 2008-10-29
8
775 Views
Last Modified: 2012-05-05
hi all

i have certificates on my nokia N95 8Gb that i want on the exchange 2007 server to allow ssl communication for active sync, is it possible to copy a cert from the handheld to the exchange server and if so how, or do i have to purchase one of the same from the providers?

sorry i have been posting few questions on the matter and been quite vague in what i want - due to my lack of knowledge on the matter!! so any help appreciated!
0
Comment
Question by:meteorelec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22830951
You can either issue a certificate your self on your exchange 2007 server, then copy the certificate to your hand held device.

Or you can purchase a certificate from any major provider and install it on your 2007 server for active sync.

Mobile devices have a pretty limited root certificate database, you will most likely  have to export the root certificate of what ever you choose to do and import it to your mobile device.

Certificates are pretty complicated and you cant just take a random root certificate and from your phone and throw it on your exchange server. You have to have your exchange server create a certificate request. That request is sent to you certificate vendor and your certificate is created with some very specific information pertaining only to your server.

That is what makes is secure, your server is the only one with that specific certificate. Root Certificates just tell your device that, YES VENDOR A IS A VALID CERTIFICATE COMPANY and THEY ISSUED THIS SERVERS CERTIFICATE.

does that make since?
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22831096
but i thought the cert you issue from exchange does not work with active sync?

so what really is the point of the certificates on the mobile device? if you still need to export and import your own?



0
 
LVL 3

Accepted Solution

by:
GibbsSupport earned 500 total points
ID: 22831204
You can use a self issued certificate but you have to export your cert to your mobile device, so your device can recognize it as a valid cert. the only certificates on your mobile devices are the Root Certificates.

Certificates on your phone don't actually secure anything. They just validate the Issued Certificate on the server/domain your phone is trying to communicate with. So when your phone contacts your exchange server, your exchange server says "My Certificate was issued from Vendor ABC, this Certificate is for mail.mydomain.com and is valid through 2050."

Your phone then checks to see if Vendor ABC is listed in its root certificates. if it is, your phone will allow you communication with mail.mydomain.com. If its not listed the phone will not validate the server and you will not be able to connect.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:meteorelec
ID: 22831233
oh, starting to understand!

ok , i know this is a seperate question, but do you know how to create the certificate on exchange
2007?
0
 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22832116
Check this out
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx

be sure to read up fully on exchange certs before you proceed. 2007 is very dependent on certificates and SSL.
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22833141
cheers GibbsSupport i have went a bit head first, will take a good read and attempt
0
 
LVL 2

Author Comment

by:meteorelec
ID: 22833236
GibbsSupport, it states the below in the link yoou gave
             
 Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.


so do i have to go 3rd party?
0
 
LVL 3

Expert Comment

by:GibbsSupport
ID: 22833294
you cant use the self signed, that is the cert that exchange creates when it's being installed you can still issue a certificate via your domains certificate authority or go 3rd party

check on this, i haven't used it in 2007 so i am not sure if they can work with it. but i have used them for 2003 and they are free.

http://www.startssl.com/

0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question