Exchange 2010, Mobile Phones, and SSL
Posted on 2010-08-23
I recently migrated a Windows 2003 (w/ Exchange 2003) server to a Windows 2008 (w/ Exchange 2010) server. The mailboxes migrated fine, but I think I inadvertently broke the SSL hierarchy. I'm pretty good at Exchange but not very good at SSL.
When I log into OWA via Firefox I get this:
"Certificate belongs to a different site, which could indicate identity theft". I accept the certificate anyway and I get OWA successfully.
When I use a BlackBerry to set up the phone for email I get this error code:
When I set up an iPhone to the Exchange I get:
"Unable to verify Certificate from autodiscover.domain.com for account email@example.com could not be verified." - I click "accept"
Then it tells me "exchange account verification failed". If I click next to finish, it asks me for my password over and over.
Here is what I've done to troubleshoot: (I left out the actual domain name)
1. Ran the Exchange Remote Connectivity Analyzer:
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Attempting to resolve the host name mail.domain.com in DNS.
Host successfully resolved
IP(s) returned: 12.X.X.X
Testing TCP Port 443 on host mail.domain.com to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Host name mail.domain.com does not match any name found on the server certificate CN=admin-exch
2. I've googled the hell out of all the error messages, only to come out even more confused.
Clearly I need some education here. My questions include:
1. How to set up a self-signed root certificate for the entire domain with a matching host name?
2. How to get iPhone and BlackBerry to work with Exchange 2010?
Thank you in advance.
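
The name check that ExRCA reports as failing in the post above, written out as an added example (not part of the original post and not Microsoft's code): it compares the names a certificate carries against the host names clients connect to. The function name `Test-CertNameCoverage` is hypothetical, and the input is constructed from the placeholder names in the post.

```powershell
# Added example. On the Exchange server itself, the names a certificate carries
# can be listed with: Get-ExchangeCertificate | Format-List Thumbprint,CertificateDomains,Services
function Test-CertNameCoverage {
    param(
        [Parameter(Mandatory=$true)] [string[]] $CertNames,  # subject CN plus any SAN DNS names
        [Parameter(Mandatory=$true)] [string[]] $HostNames   # names clients actually connect to
    )
    foreach ($h in $HostNames) {
        $hostLabels = $h.ToLowerInvariant().TrimEnd('.').Split('.')
        $matched = $null
        foreach ($n in $CertNames) {
            $certLabels = $n.ToLowerInvariant().TrimEnd('.').Split('.')
            # A certificate name only matches a host name with the same number of labels.
            if ($certLabels.Count -ne $hostLabels.Count) { continue }
            $ok = $true
            for ($i = 0; $i -lt $certLabels.Count; $i++) {
                # A wildcard counts only as the entire leftmost label and covers exactly one label.
                if ($i -eq 0 -and $certLabels[0] -eq '*' -and $certLabels.Count -ge 3) { continue }
                if ($certLabels[$i] -ne $hostLabels[$i]) { $ok = $false; break }
            }
            if ($ok) { $matched = $n; break }
        }
        New-Object PSObject -Property @{
            HostName  = $h
            Covered   = [bool]$matched
            MatchedBy = $matched
        } | Select-Object HostName, Covered, MatchedBy
    }
}

# Constructed input: the CN that ExRCA reported, and the two host names from the post.
$certNames = @('admin-exch')
$hostNames = @('mail.domain.com', 'autodiscover.domain.com')
Test-CertNameCoverage -CertNames $certNames -HostNames $hostNames | Format-Table -AutoSize
```

With this input both host names come back with `Covered` set to `False`, which is the mismatch that Firefox, the iPhone and ExRCA each report in their own wording.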