[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Help with SSL Certificate

Posted on 2009-05-13
Medium Priority
Last Modified: 2012-05-06
I finall received permission from the owner of my company to enable SSL on our Exchange Server 2003 with a self-signing certificate.  The last time this was attempted the Treo could not receive the self-signing certificate and the implementation failed.

Does anyone know how to configure the iPhone, a Treo and the Blackberry Storm to accept a self-signed SSL certificate?

Question by:commeng
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 26

Expert Comment

by:Gary Cutri
ID: 24376546
iPhone = use the iPhone enterprise configuration utility

Treo = In IE browse to your OWA page or any other page using this self assigned certificate.  Click on the certificate details > Select View Certificate > Select Install Certificate > Press next > Select Place all certificates in the following store > Select Browse > Select Trusted Root Certification Authorities > Press OK > Continue through the prompts until the wizard is completed.  Now in IE select Tools > Internet Options > Select Content > Select Certificates > Select Trusted Root Certification Authorities > Locate and select the certificate you saved > Press Export > Leave all setting as default > create a filename.  Now copy the .CER file to the device and run open it which installs the certificate on the device

BlackBerry = A BlackBerry on BIS will accept a self assigned certificate.
LVL 33

Accepted Solution

Dave Howe earned 2000 total points
ID: 24376749
I have seen some issues with self-signed certificates and mobile devices - however, normally those are fine with certificates signed by a corporate CA, provided you first import the CA certificate. The import process is fairly simple - just place a DER encoded CER file of the CA "root" certificate (the MS enterprise CA is fine for this, or you can use the standalone http://sourceforge.net/projects/xca tool) onto a webserver and browse to it. That should offer to import it into the local root store) - this works on almost all devices, and usually the local java applets will use the same store as the browser.
LVL 65

Expert Comment

ID: 24377083
Or spend US$30 on a commercial certificate and save a lot of headaches.

Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

LVL 33

Expert Comment

by:Dave Howe
ID: 24378074
sure, a commercial certificate cuts though a lot of the issues - assuming they can clear that as a recurring expense with the boss :)

Author Comment

ID: 24378278
I actually got permission for the $30 certificate.  I am just trying to figure out how to get the certicate and then load it onto the server.

Author Comment

ID: 24388458
OK, I purchased, downloaded and installed the Certificates for Exchange.  When I am in the office, SSL is working https://webaddres.domain.com/exchange, but when I am outside the office it does not work.  The phones will not work with SSL either, none of them (iphone, treo or blackberry), obviouslly I have done something wrong.

Any ideas why SSL would work inside the office but not anywhere else?
LVL 33

Expert Comment

by:Dave Howe
ID: 24391309
do you have a valid A (dns) record for the exact string referenced (webaddres.domain.com) - if not, even if you put in (say) a NATted IP address, the certificate won't match what the browser expects to compare the certificate to - and the sync will fail.

Author Comment

ID: 24396767
OK Making Progress now.  It was a firewall setting!  Dang it.  I have the iPhones working.  Can someone tell me where on the BES server of on the BB's I can enable SSL.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.   There is a lot of data that is not automatically backed up…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question