Help with SSL Certificate

Posted on 2009-05-13
Last Modified: 2012-05-06
I finall received permission from the owner of my company to enable SSL on our Exchange Server 2003 with a self-signing certificate.  The last time this was attempted the Treo could not receive the self-signing certificate and the implementation failed.

Does anyone know how to configure the iPhone, a Treo and the Blackberry Storm to accept a self-signed SSL certificate?

Question by:commeng
LVL 26

Expert Comment

by:Gary Cutri
ID: 24376546
iPhone = use the iPhone enterprise configuration utility

Treo = In IE browse to your OWA page or any other page using this self assigned certificate.  Click on the certificate details > Select View Certificate > Select Install Certificate > Press next > Select Place all certificates in the following store > Select Browse > Select Trusted Root Certification Authorities > Press OK > Continue through the prompts until the wizard is completed.  Now in IE select Tools > Internet Options > Select Content > Select Certificates > Select Trusted Root Certification Authorities > Locate and select the certificate you saved > Press Export > Leave all setting as default > create a filename.  Now copy the .CER file to the device and run open it which installs the certificate on the device

BlackBerry = A BlackBerry on BIS will accept a self assigned certificate.
LVL 33

Accepted Solution

Dave Howe earned 500 total points
ID: 24376749
I have seen some issues with self-signed certificates and mobile devices - however, normally those are fine with certificates signed by a corporate CA, provided you first import the CA certificate. The import process is fairly simple - just place a DER encoded CER file of the CA "root" certificate (the MS enterprise CA is fine for this, or you can use the standalone tool) onto a webserver and browse to it. That should offer to import it into the local root store) - this works on almost all devices, and usually the local java applets will use the same store as the browser.
LVL 65

Expert Comment

ID: 24377083
Or spend US$30 on a commercial certificate and save a lot of headaches.

LVL 33

Expert Comment

by:Dave Howe
ID: 24378074
sure, a commercial certificate cuts though a lot of the issues - assuming they can clear that as a recurring expense with the boss :)
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.


Author Comment

ID: 24378278
I actually got permission for the $30 certificate.  I am just trying to figure out how to get the certicate and then load it onto the server.

Author Comment

ID: 24388458
OK, I purchased, downloaded and installed the Certificates for Exchange.  When I am in the office, SSL is working, but when I am outside the office it does not work.  The phones will not work with SSL either, none of them (iphone, treo or blackberry), obviouslly I have done something wrong.

Any ideas why SSL would work inside the office but not anywhere else?
LVL 33

Expert Comment

by:Dave Howe
ID: 24391309
do you have a valid A (dns) record for the exact string referenced ( - if not, even if you put in (say) a NATted IP address, the certificate won't match what the browser expects to compare the certificate to - and the sync will fail.

Author Comment

ID: 24396767
OK Making Progress now.  It was a firewall setting!  Dang it.  I have the iPhones working.  Can someone tell me where on the BES server of on the BB's I can enable SSL.

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now