Exchange 2007 Transition & Certificates
Hi All.
I have installed exchange 2007 on a single server, for mobile users to work, I have bought SAN/UUC certificate for 5 domains, I have installed in in my exchage 2007 server, now when I login to https://mail.mydomain.com the site opens find without any issues, but when i try from my Nokia E90 which was working fine in exchnage 2003 i get " this site has sent an untrusted certificate, continue anyway" once i continue the site is opening fine.. how can I remove this message for mobile users..
I have installed exchange 2007 on a single server, for mobile users to work, I have bought SAN/UUC certificate for 5 domains, I have installed in in my exchage 2007 server, now when I login to https://mail.mydomain.com the site opens find without any issues, but when i try from my Nokia E90 which was working fine in exchnage 2003 i get " this site has sent an untrusted certificate, continue anyway" once i continue the site is opening fine.. how can I remove this message for mobile users..
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There are many certficate providers (Verisign, Godaddy, etc.). By default, Windows desktops/laptops automatically trust many of the ceritficates from the "big" providers. Some phones do not trust as many providers as desktops/laptops. Check with NOkia to see if the certificate provider you are using is trusted by default. If not, you need to install the certificate on each phone so it's trusted. This article explains how: http://thinkabdul.com/2006/07/24/installing-ssl-certificate-on-nokia-s60-3rd-edition-for-exchange-activesync/.
ASKER
Hii
Please note that i changed the active sync external URL to https://mydomain.com/Microsoft-Server-ActiveSync but still same
Im getting the following ..
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
Successfully tested AutoDiscover for Exchange ActiveSync
Test Steps
Attempting each method of contacting the AutoDiscover Service
The AutoDiscover Service was successfully tested.
Test Steps
Attempting to test potential AutoDiscover URL https://Mydomain.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name Mydomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
Host name Mydomain.com does not match any name found on the server certificate CN=mail.Mydomain.com, OU=Domain Control Validated, O=mail.Mydomain.com
Attempting to test potential AutoDiscover URL https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml
Testing AutoDiscover URL succeeded
Test Steps
Attempting to resolve the host name autodiscover.Mydomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host autodiscover.Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.Mydomain.com in Certificate Subject Alternative Name entry
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 10/22/2009 5:51:43 PM, NotAfter = 10/22/2010 5:51:43 PM"
Attempting to send AutoDiscover POST request to potential autodiscover URLs.
Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST.
Test Steps
Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml for user i
Email@Mydomain.com
Successfully Retrieved AutoDiscover XML Response
Additional Details
AutoDiscover Account Settings
XML Response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture>
<User>
<DisplayName>My Name </DisplayName>
<EMailAddress>Email@Mydoma
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
Validating Exchange ActiveSync settings
ActiveSync URL https://mail.Mydomain.com/Microsoft-Server-ActiveSync was successfully validated
Attempting to resolve the host name mail.MyDomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host mail.Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.MyDomain.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Additional Details
Missing intermediate certificate in Certificate Chain. Subject = SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US, See KB 927465 for more details.
Please note that i changed the active sync external URL to https://mydomain.com/Microsoft-Server-ActiveSync but still same
Im getting the following ..
Testing Exchange ActiveSync
Exchange ActiveSync test Failed
Test Steps
Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
Successfully tested AutoDiscover for Exchange ActiveSync
Test Steps
Attempting each method of contacting the AutoDiscover Service
The AutoDiscover Service was successfully tested.
Test Steps
Attempting to test potential AutoDiscover URL https://Mydomain.com/AutoDiscover/AutoDiscover.xml
Failed testing this potential AutoDiscover URL
Test Steps
Attempting to resolve the host name Mydomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Certificate name validation failed
Tell me more about this issue and how to resolve it
Additional Details
Host name Mydomain.com does not match any name found on the server certificate CN=mail.Mydomain.com, OU=Domain Control Validated, O=mail.Mydomain.com
Attempting to test potential AutoDiscover URL https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml
Testing AutoDiscover URL succeeded
Test Steps
Attempting to resolve the host name autodiscover.Mydomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host autodiscover.Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The certificate passed all validation requirements.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname autodiscover.Mydomain.com in Certificate Subject Alternative Name entry
Validating certificate trust
The test passed with some warnings encountered. Please expand additional details.
Additional Details
Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.
Testing certificate date to ensure validity
Date Validation passed. The certificate is not expired.
Additional Details
Certificate is valid: NotBefore = 10/22/2009 5:51:43 PM, NotAfter = 10/22/2010 5:51:43 PM"
Attempting to send AutoDiscover POST request to potential autodiscover URLs.
Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST.
Test Steps
Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml for user i
Email@Mydomain.com
Successfully Retrieved AutoDiscover XML Response
Additional Details
AutoDiscover Account Settings
XML Response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture>
<User>
<DisplayName>My Name </DisplayName>
<EMailAddress>Email@Mydoma
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>
Validating Exchange ActiveSync settings
ActiveSync URL https://mail.Mydomain.com/Microsoft-Server-ActiveSync was successfully validated
Attempting to resolve the host name mail.MyDomain.com in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 22.223.22.11
Testing TCP Port 443 on host mail.Mydomain.com to ensure it is listening and open.
The port was opened successfully.
Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.
Test Steps
Validating certificate name
Successfully validated the certificate name
Additional Details
Found hostname mail.MyDomain.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Additional Details
Missing intermediate certificate in Certificate Chain. Subject = SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US, See KB 927465 for more details.
This line is key: "Missing intermediate certificate in Certificate Chain." Many certificate providers give you an intermediate certificate to install on your server in addition to the one you purchased.
You can get it here: http://certificates.starfieldtech.com/repository
You can get it here: http://certificates.starfieldtech.com/repository
And here's a KB from MS on this topic: http://support.microsoft.com/kb/927465
ASKER
Hi , Ok how can I re import the UUC certifiicate that was installed without the intermediate cert.
Thanks
Thanks
This web site has a walkthrough of installing both the intermedia and the SSL cert you purchased: http://www.netometer.com/video/tutorials/iis7-godaddy-ssl-certificate/
BTW, that previous link was for IIS7. If you are using IIS6, here's the info for that: http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php