Exchange 2007 Transition & Certificates

ITMaster1979
Hi All.

   I have installed Exchange 2007 on a single server. For mobile users to work, I have bought a SAN/UCC certificate for 5 domains and installed it on my Exchange 2007 server. Now when I log in to https://mail.mydomain.com the site opens fine without any issues, but when I try from my Nokia E90, which was working fine with Exchange 2003, I get "this site has sent an untrusted certificate, continue anyway". Once I continue, the site opens fine. How can I remove this message for mobile users?
Commented:
ITMaster1979,

Please use the following MS tool:

https://www.testexchangeconnectivity.com/

This should point you to where the problem is. If you don't understand why it's failing, please post the output for ActiveSync on here.
There are many certificate providers (Verisign, GoDaddy, etc.). By default, Windows desktops/laptops automatically trust many of the certificates from the "big" providers. Some phones do not trust as many providers as desktops/laptops. Check with Nokia to see if the certificate provider you are using is trusted by default. If not, you need to install the certificate on each phone so it's trusted. This article explains how: http://thinkabdul.com/2006/07/24/installing-ssl-certificate-on-nokia-s60-3rd-edition-for-exchange-activesync/.

Author

Commented:
Hi,
Please note that I changed the ActiveSync external URL to https://mydomain.com/Microsoft-Server-ActiveSync but still the same.
I'm getting the following:
Testing Exchange ActiveSync
 Exchange ActiveSync test Failed
 Test Steps
 Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
 Successfully tested AutoDiscover for Exchange ActiveSync
 Test Steps
 Attempting each method of contacting the AutoDiscover Service
 The AutoDiscover Service was successfully tested.
 Test Steps
 Attempting to test potential AutoDiscover URL https://Mydomain.com/AutoDiscover/AutoDiscover.xml
 Failed testing this potential AutoDiscover URL
 Test Steps
 Attempting to resolve the host name Mydomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned: 22.223.22.11

Testing TCP Port 443 on host Mydomain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
 Test Steps
 Validating certificate name
 Certificate name validation failed
  Tell me more about this issue and how to resolve it
 Additional Details
 Host name Mydomain.com does not match any name found on the server certificate CN=mail.Mydomain.com, OU=Domain Control Validated, O=mail.Mydomain.com





Attempting to test potential AutoDiscover URL https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml
 Testing AutoDiscover URL succeeded
 Test Steps
 Attempting to resolve the host name autodiscover.Mydomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned:  22.223.22.11

Testing TCP Port 443 on host autodiscover.Mydomain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The certificate passed all validation requirements.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname autodiscover.Mydomain.com in Certificate Subject Alternative Name entry

Validating certificate trust
 The test passed with some warnings encountered. Please expand additional details.
 Additional Details
 Only able to build certificate chain when using the Root Certificate Update functionality from Windows Update. Your server may not be properly configured to send down the required intermediate certificates to complete the chain. Consult the certificate installation instructions or FAQ's from your Certificate Authority for more information.

Testing certificate date to ensure validity
 Date Validation passed. The certificate is not expired.
 Additional Details
 Certificate is valid: NotBefore = 10/22/2009 5:51:43 PM, NotAfter = 10/22/2010 5:51:43 PM"



Attempting to send AutoDiscover POST request to potential autodiscover URLs.
 Successfully Retrieved AutoDiscover Settings by sending AutoDiscover POST.
 Test Steps
 Attempting to Retrieve XML AutoDiscover Response from url https://autodiscover.Mydomain.com/AutoDiscover/AutoDiscover.xml for user i
Email@Mydomain.com
 Successfully Retrieved AutoDiscover XML Response
 Additional Details
 AutoDiscover Account Settings
XML Response:
<?xml version="1.0"?>
<Autodiscover xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
<Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">
<Culture>en:en</Culture>
<User>
<DisplayName>My Name </DisplayName>
<EMailAddress>Email@Mydomain.com</EMailAddress>
</User>
<Action>
<Settings>
<Server>
<Type>MobileSync</Type>
<Url>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Url>
<Name>https://mail.Mydomain.com/Microsoft-Server-ActiveSync</Name>
</Server>
</Settings>
</Action>
</Response>
</Autodiscover>









Validating Exchange ActiveSync settings
 ActiveSync URL https://mail.Mydomain.com/Microsoft-Server-ActiveSync was successfully validated
Attempting to resolve the host name mail.MyDomain.com in DNS.
 Host successfully resolved
 Additional Details
 IP(s) returned:  22.223.22.11

Testing TCP Port 443 on host mail.Mydomain.com to ensure it is listening and open.
 The port was opened successfully.
Testing SSL Certificate for validity.
 The SSL Certificate failed one or more certificate validation checks.
 Test Steps
 Validating certificate name
 Successfully validated the certificate name
 Additional Details
 Found hostname mail.MyDomain.com in Certificate Subject Common name

Validating certificate trust for Windows Mobile Devices
 Certificate trust validation failed
 Additional Details
 Missing intermediate certificate in Certificate Chain. Subject = SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US, See KB 927465 for more details.

This line is key: "Missing intermediate certificate in Certificate Chain." Many certificate providers give you an intermediate certificate to install on your server in addition to the one you purchased.

You can get it here: http://certificates.starfieldtech.com/repository
And here's a KB from MS on this topic: http://support.microsoft.com/kb/927465
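
The two failures in the test output above (a host name that is not on the certificate, and a server that does not send its intermediate), modelled as an added example that is not part of the original thread. The certificate names and the phone trust store are constructed placeholders, and issuer matching is by name only with no signature checks.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    subject: str          # simplified to the CN only
    issuer: str
    san: tuple = ()       # DNS names from Subject Alternative Name

def name_matches(leaf: Cert, host: str) -> bool:
    """Exact, case-insensitive match on SAN entries; CN is used only if no SAN exists."""
    names = leaf.san or (leaf.subject,)
    return host.lower() in {n.lower() for n in names}

def build_chain(presented: list, trusted_roots: set):
    """Walk issuer links from the leaf using only what the server sent.

    Returns (True, path) when a trusted root is reached, else (False, missing_issuer).
    Matching is by name only; a real validator also verifies each signature.
    """
    by_subject = {c.subject: c for c in presented[1:]}
    current, path = presented[0], [presented[0].subject]
    while current.issuer not in trusted_roots:
        parent = by_subject.get(current.issuer)
        if parent is None or parent.subject in path:
            return False, current.issuer
        path.append(parent.subject)
        current = parent
    return True, path + [current.issuer]

# Constructed sample data (placeholder names, not taken from a real server).
ROOT = "Example Root CA"
INTERMEDIATE = Cert("Example Secure Certification Authority", ROOT)
LEAF = Cert("mail.mydomain.example", INTERMEDIATE.subject,
            san=("mail.mydomain.example", "autodiscover.mydomain.example"))
PHONE_TRUST_STORE = {ROOT}   # assumption: the handset ships with root certificates only

def check(host, presented, roots=PHONE_TRUST_STORE):
    ok, detail = build_chain(presented, roots)
    return {"name_ok": name_matches(presented[0], host), "chain_ok": ok, "detail": detail}

if __name__ == "__main__":
    print(check("mail.mydomain.example", [LEAF]))                 # intermediate not sent
    print(check("mail.mydomain.example", [LEAF, INTERMEDIATE]))   # full chain sent
    print(check("mydomain.example", [LEAF, INTERMEDIATE]))        # name not on certificate
```

A desktop can pass the first case anyway because it may already hold or fetch the intermediate, which matches the warning in the test output about only being able to build the chain through Windows Update.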

Author

Commented:
Hi, OK, how can I re-import the UCC certificate that was installed without the intermediate cert?

Thanks
This web site has a walkthrough of installing both the intermediate and the SSL cert you purchased: http://www.netometer.com/video/tutorials/iis7-godaddy-ssl-certificate/
BTW, that previous link was for IIS7. If you are using IIS6, here's the info for that: http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php
