asked on

Activesync clients don't trust Verisign certificate

My Exchange 2007 client access server has a commercial Verisign SSL standard validation certificate installed. Outlook web access works fine through the cert, however Activesync clients cannot connect because they don't trust the certificate.

testexchangeconnectivity.com gives me the error of: Certificate trust validation failed - The certificate chain did not end in a trusted root. Root = OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

I cannot find anything wrong with my SSL....I just bought it a few weeks ago. Verisign's own SSL Installation Checker (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=certchecker) shows the cert is installed just fine on my CAS.

My CAS is a Windows 2008 Enterprise server.

I've tried updated my intermediate certificate authority following the instructions at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=SO8227 to no avail.

ASKER CERTIFIED SOLUTION

digitap

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

mdrapp

ASKER

Figured it out. It was indeed that the mobile device did not have the updated root certificates from Verisign. I thought one only needed to do something on the device if one was using a self-signed certificate. I also thought that I only needed to install the new root certificates on the CAS. Once I installed the Class 3 Public Primary Certification Authority - G2 on the device, activesync works just fine.

digitap

Great! I'm glad you found it and that I was able to help. Thanks for the points!