Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Help with SSL Certificate

Posted on 2009-05-13
8
1,270 Views
Last Modified: 2012-05-06
I finall received permission from the owner of my company to enable SSL on our Exchange Server 2003 with a self-signing certificate.  The last time this was attempted the Treo could not receive the self-signing certificate and the implementation failed.

Does anyone know how to configure the iPhone, a Treo and the Blackberry Storm to accept a self-signed SSL certificate?

Thanks,
0
Comment
Question by:commeng
8 Comments
 
LVL 26

Expert Comment

by:Gary Cutri
ID: 24376546
iPhone = use the iPhone enterprise configuration utility

Treo = In IE browse to your OWA page or any other page using this self assigned certificate.  Click on the certificate details > Select View Certificate > Select Install Certificate > Press next > Select Place all certificates in the following store > Select Browse > Select Trusted Root Certification Authorities > Press OK > Continue through the prompts until the wizard is completed.  Now in IE select Tools > Internet Options > Select Content > Select Certificates > Select Trusted Root Certification Authorities > Locate and select the certificate you saved > Press Export > Leave all setting as default > create a filename.  Now copy the .CER file to the device and run open it which installs the certificate on the device

BlackBerry = A BlackBerry on BIS will accept a self assigned certificate.
0
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 24376749
I have seen some issues with self-signed certificates and mobile devices - however, normally those are fine with certificates signed by a corporate CA, provided you first import the CA certificate. The import process is fairly simple - just place a DER encoded CER file of the CA "root" certificate (the MS enterprise CA is fine for this, or you can use the standalone http://sourceforge.net/projects/xca tool) onto a webserver and browse to it. That should offer to import it into the local root store) - this works on almost all devices, and usually the local java applets will use the same store as the browser.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24377083
Or spend US$30 on a commercial certificate and save a lot of headaches.
https://CertificatesForExchange.com/ 

Simon.
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 33

Expert Comment

by:Dave Howe
ID: 24378074
sure, a commercial certificate cuts though a lot of the issues - assuming they can clear that as a recurring expense with the boss :)
0
 

Author Comment

by:commeng
ID: 24378278
I actually got permission for the $30 certificate.  I am just trying to figure out how to get the certicate and then load it onto the server.
0
 

Author Comment

by:commeng
ID: 24388458
OK, I purchased, downloaded and installed the Certificates for Exchange.  When I am in the office, SSL is working https://webaddres.domain.com/exchange, but when I am outside the office it does not work.  The phones will not work with SSL either, none of them (iphone, treo or blackberry), obviouslly I have done something wrong.

Any ideas why SSL would work inside the office but not anywhere else?
0
 
LVL 33

Expert Comment

by:Dave Howe
ID: 24391309
do you have a valid A (dns) record for the exact string referenced (webaddres.domain.com) - if not, even if you put in (say) a NATted IP address, the certificate won't match what the browser expects to compare the certificate to - and the sync will fail.
0
 

Author Comment

by:commeng
ID: 24396767
OK Making Progress now.  It was a firewall setting!  Dang it.  I have the iPhones working.  Can someone tell me where on the BES server of on the BB's I can enable SSL.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.   There is a lot of data that is not automatically backed up…
#SSL #TLS #Citrix #HTTPS #PKI #Compliance #Certificate #Encryption #StoreFront #Web Interface #Citrix XenApp
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question