[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1204
  • Last Modified:

Activesync clients don't trust Verisign certificate

My Exchange 2007 client access server has a commercial Verisign SSL standard validation certificate installed.  Outlook web access works fine through the cert, however Activesync clients cannot connect because they don't trust the certificate.

testexchangeconnectivity.com gives me the error of:       Certificate trust validation failed - The certificate chain did not end in a trusted root. Root = OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

I cannot find anything wrong with my SSL....I just bought it a few weeks ago.  Verisign's own SSL Installation Checker (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=certchecker) shows the cert is installed just fine on my CAS.

My CAS is a Windows 2008 Enterprise server.

I've tried updated my intermediate certificate authority following the instructions at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO8227 to no avail.
0
mdrapp
Asked:
mdrapp
  • 2
1 Solution
 
digitapCommented:
Can you review the following links and see if they help you resolve your challenge?  Please respond back with any further information.

http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/80fb051c-46ef-45df-9a43-69cd22b5fdba

http://www.exchange-genie.com/2008/02/configuring-outlook-anywhere-for-exchange-2007-sp1/
0
 
mdrappAuthor Commented:
Figured it out.   It was indeed that the mobile device did not have the updated root certificates from Verisign.  I thought one only needed to do something on the device if one was using a self-signed certificate.  I also thought that I only needed to install the new root certificates on the CAS.  Once I installed the Class 3 Public Primary Certification Authority - G2 on the device, activesync works just fine.
0
 
digitapCommented:
Great!  I'm glad you found it and that I was able to help.  Thanks for the points!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now