SSL certificate confusion

I'm using Exchange 2003 and OWA and trying to get ActiveSync to work for iPhones.
About 8 months ago I got an SSL certificate from GoDaddy and was able to get ActiveSync up and working for iPhones and had form-based authentication working for OWA.
This all changed recently.
iPhones no longer connect, and I got rid of the old certificate and am trying to establish a new one with GoDaddy as I type.
I used a tool called Exchange Remote Connectivity Analyzer from the URL
https://www.testexchangeconnectivity.com/Default.aspx
I'm going to call my domain test.com.
The initial SSL certificate was issued to www.test.com and, like I said, everything worked fine.
All of a sudden iPhones quit working and the Remote Connectivity Analyzer is failing from the above-mentioned URL.

Here is the output from the analyzer.
I guess what I'm asking is this:
do I need an SSL certificate for mail.test.com for both to work,
or an SSL certificate for test.com?

Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting AutoDiscover and Exchange ActiveSync Test (if requested)
  Failed to test AutoDiscover for Exchange ActiveSync  
   Test Steps
   Attempting each method of contacting the AutoDiscover Service
  Failed to contact the AutoDiscover service successfully by any method
   Test Steps
   Attempting to test potential AutoDiscover URL https://test.com/AutoDiscover/AutoDiscover.xml 
  Failed testing this potential AutoDiscover URL
   Test Steps
   Attempting to resolve the host name test.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 1.1.1.1  
 
 Testing TCP Port 443 on host test.com to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The SSL Certificate failed one or more certificate validation checks.
   Test Steps
   Validating certificate name
  Certificate name validation failed
   Tell me more about this issue and how to resolve it
   Additional Details
  Host name test.com does not match any name found on the server certificate CN=mail.test.com, OU=Domain Control Validated, O=mail.test.com  
 
 
 
 
 
 Attempting to test potential AutoDiscover URL https://autodiscover.test.com/AutoDiscover/AutoDiscover.xml 
  Failed testing this potential AutoDiscover URL
   Test Steps
   Attempting to resolve the host name autodiscover.test.com in DNS.
  The Host could not be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.test.com could not be resolved in DNS Exception Details:
Message: No such host is known
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
 
 
 
 
 Attempting to contact the AutoDiscover service using the HTTP redirect method.
  Failed to contact AutoDiscover using the HTTP Redirect method
   Test Steps
   Attempting to resolve the host name autodiscover.test.com in DNS.
  The Host could not be resolved.
   Tell me more about this issue and how to resolve it
   Additional Details
  Host autodiscover.test.com could not be resolved in DNS Exception Details:
Message: No such host is known
Type: System.Net.Sockets.SocketException
Stack Trace:
at System.Net.Dns.GetAddrInfo(String name)
at System.Net.Dns.InternalGetHostByName(String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddresses(String hostNameOrAddress)
at Microsoft.Exchange.Tools.ExRca.Tests.ResolveHostTest.PerformTestReally()
 
 
 
 
 Attempting to contact the AutoDiscover service using the DNS SRV redirect method.
  Failed to contact AutoDiscover using the DNS SRV redirect method.
   Test Steps
   Attempting to locate SRV record _autodiscover._tcp.test.com in DNS.
  Failed to find AutoDiscover SRV record in DNS.
   Tell me more about this issue and how to resolve it

jamesmetcalf74 Asked:
Shreedhar Ette Commented:
Hi,

At https://www.testexchangeconnectivity.com/ use the option Exchange ActiveSync.

Use the Manually Specify Server Settings option to test ActiveSync.

As it is Exchange 2003, Autodiscover is not there.

Also make sure you have installed the new certificate on the mobile devices.

Hope this helps,
Shree
0
Paul MacDonald (Director, Information Systems) Commented:
"initial ssl certificate was issued to www.test.com"
But it worked for mail.test.com?  Or do you somehow have mail.test.com virtualized under www.test.com?  It seems more likely you got a wildcard SSL certificate for *.test.com and were able to use it everywhere.
Can you ping mail.test.com?  Can you get to your mail server from inside your organization?  What about OWA from inside?
0
jamesmetcalf74 (Author) Commented:
Will a wildcard SSL certificate cover

mail.test.com
and
test.com?
0
Shreedhar Ette Commented:
If the certificate is *.test.com then it will cover.
0
jamesmetcalf74 (Author) Commented:
OK, last question.
So this *.test.com
can also be used for forms-based Exchange authentication for OWA 2003?
And used for ActiveSync on the iPhone?
0
Paranormastic (Cryptographic Engineer) Commented:
>> Will a wildcard SSL certificate cover
>> mail.test.com
>> and
>> test.com?

No.  It will cover anything.test.com, but not test.com without a prefix.
0
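
The matching rule described in the answer above, as an added example that is not part of the original thread: a simplified RFC 6125-style check of which host names from the thread a given certificate name set covers. The helpers `name_matches` and `coverage` are hypothetical names, and the certificate name sets are constructed for illustration using the asker's placeholder domain.

```python
# Added example: simplified RFC 6125-style host name matching.
# name_matches(), coverage() and the name sets below are illustrative,
# not taken from the thread or from any library.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Accept a wildcard only as the whole leftmost label of a name with
        # at least three labels (so "*.com" is refused).
        return len(p) >= 3 and "*" not in "".join(p[1:]) and p[1:] == h[1:]
    # Partial wildcards ("m*.test.com") or wildcards elsewhere are refused here.
    return "*" not in pattern and p == h


def coverage(cert_names, hosts):
    """Map each host name to whether any name on the certificate covers it."""
    return {host: any(name_matches(n, host) for n in cert_names) for host in hosts}


# Host names that appear in the thread (test.com is the asker's placeholder domain).
HOSTS = ["test.com", "mail.test.com", "www.test.com", "autodiscover.test.com"]

# Constructed certificate name sets (subject CN plus any subjectAltName entries).
CERTS = {
    "CN=mail.test.com": ["mail.test.com"],
    "CN=*.test.com": ["*.test.com"],
    "CN=*.test.com + SAN test.com": ["*.test.com", "test.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        print(label)
        for host, ok in coverage(names, HOSTS).items():
            print(f"  {host:<24} {'covered' if ok else 'NOT covered'}")
```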
jamesmetcalf74 (Author) Commented:
OK.
I worked with GoDaddy and got the SSL OWA forms-based authentication working again.

No success on iPhones connecting to the Exchange server.
Here are the results from testing Exchange ActiveSync:

 Testing Exchange ActiveSync  
  Exchange ActiveSync test Failed
   Test Steps
   Attempting to resolve the host name mail.test.com in DNS.
  Host successfully resolved
   Additional Details
  IP(s) returned: 111.111.111.111  
 
 Testing TCP Port 443 on host mail.test.com to ensure it is listening and open.
  The port was opened successfully.
 Testing SSL Certificate for validity.
  The SSL Certificate failed one or more certificate validation checks.
   Tell me more about this issue and how to resolve it
   Additional Details
  A network error occurred while communicating with remote host
Exception Details:
Message: Authentication failed because the remote party has closed the transport stream.
Type: System.IO.IOException
Stack Trace:
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Exchange.Tools.ExRca.Tests.SSLCertificateTest.PerformTestReally()
0
Paul MacDonald (Director, Information Systems) Commented:
You'll need to make a point of replacing the certificate wherever it was in use.  Look in the SMTP, IMAP and POP3 settings to see if you need to update certificates there.  

Also, put a note on your calendar to remind you to replace this certificate before it expires.
0
jamesmetcalf74 (Author) Commented:
http://technet.microsoft.com/en-us/library/dd439375(EXCHG.80).aspx

Integrated Windows Authentication may not be enabled on the back-end server's "/Exchange" virtual directory.

Thanks for all the help, guys.
Once the certificate got fixed, I was just missing a checkmark.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.