[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Help with SSL Certificate

Posted on 2009-05-13
8
Medium Priority
?
1,276 Views
Last Modified: 2012-05-06
I finall received permission from the owner of my company to enable SSL on our Exchange Server 2003 with a self-signing certificate.  The last time this was attempted the Treo could not receive the self-signing certificate and the implementation failed.

Does anyone know how to configure the iPhone, a Treo and the Blackberry Storm to accept a self-signed SSL certificate?

Thanks,
0
Comment
Question by:commeng
8 Comments
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24376546
iPhone = use the iPhone enterprise configuration utility

Treo = In IE browse to your OWA page or any other page using this self assigned certificate.  Click on the certificate details > Select View Certificate > Select Install Certificate > Press next > Select Place all certificates in the following store > Select Browse > Select Trusted Root Certification Authorities > Press OK > Continue through the prompts until the wizard is completed.  Now in IE select Tools > Internet Options > Select Content > Select Certificates > Select Trusted Root Certification Authorities > Locate and select the certificate you saved > Press Export > Leave all setting as default > create a filename.  Now copy the .CER file to the device and run open it which installs the certificate on the device

BlackBerry = A BlackBerry on BIS will accept a self assigned certificate.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 24376749
I have seen some issues with self-signed certificates and mobile devices - however, normally those are fine with certificates signed by a corporate CA, provided you first import the CA certificate. The import process is fairly simple - just place a DER encoded CER file of the CA "root" certificate (the MS enterprise CA is fine for this, or you can use the standalone http://sourceforge.net/projects/xca tool) onto a webserver and browse to it. That should offer to import it into the local root store) - this works on almost all devices, and usually the local java applets will use the same store as the browser.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24377083
Or spend US$30 on a commercial certificate and save a lot of headaches.
https://CertificatesForExchange.com/ 

Simon.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
LVL 33

Expert Comment

by:Dave Howe
ID: 24378074
sure, a commercial certificate cuts though a lot of the issues - assuming they can clear that as a recurring expense with the boss :)
0
 

Author Comment

by:commeng
ID: 24378278
I actually got permission for the $30 certificate.  I am just trying to figure out how to get the certicate and then load it onto the server.
0
 

Author Comment

by:commeng
ID: 24388458
OK, I purchased, downloaded and installed the Certificates for Exchange.  When I am in the office, SSL is working https://webaddres.domain.com/exchange, but when I am outside the office it does not work.  The phones will not work with SSL either, none of them (iphone, treo or blackberry), obviouslly I have done something wrong.

Any ideas why SSL would work inside the office but not anywhere else?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24391309
do you have a valid A (dns) record for the exact string referenced (webaddres.domain.com) - if not, even if you put in (say) a NATted IP address, the certificate won't match what the browser expects to compare the certificate to - and the sync will fail.
0
 

Author Comment

by:commeng
ID: 24396767
OK Making Progress now.  It was a firewall setting!  Dang it.  I have the iPhones working.  Can someone tell me where on the BES server of on the BB's I can enable SSL.
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question