Activesync clients don't trust Verisign certificate

My Exchange 2007 client access server has a commercial Verisign SSL standard validation certificate installed.  Outlook web access works fine through the cert, however Activesync clients cannot connect because they don't trust the certificate.

testexchangeconnectivity.com gives me the error of:       Certificate trust validation failed - The certificate chain did not end in a trusted root. Root = OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

I cannot find anything wrong with my SSL....I just bought it a few weeks ago.  Verisign's own SSL Installation Checker (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=certchecker) shows the cert is installed just fine on my CAS.

My CAS is a Windows 2008 Enterprise server.

I've tried updated my intermediate certificate authority following the instructions at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO8227 to no avail.
mdrappAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

digitapCommented:
Can you review the following links and see if they help you resolve your challenge?  Please respond back with any further information.

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/80fb051c-46ef-45df-9a43-69cd22b5fdba

http://www.exchange-genie.com/2008/02/configuring-outlook-anywhere-for-exchange-2007-sp1/
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mdrappAuthor Commented:
Figured it out.   It was indeed that the mobile device did not have the updated root certificates from Verisign.  I thought one only needed to do something on the device if one was using a self-signed certificate.  I also thought that I only needed to install the new root certificates on the CAS.  Once I installed the Class 3 Public Primary Certification Authority - G2 on the device, activesync works just fine.
0
digitapCommented:
Great!  I'm glad you found it and that I was able to help.  Thanks for the points!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Smartphone Programming

From novice to tech pro — start learning today.