Solved

Will smartphone users be operational once SSL Certificate is applied to Exchange Server?

Posted on 2011-03-24
Last Modified: 2012-05-11
Hello Experts,

I have a customer whose setup consists of the following:

Win2k domain
Exchange 2003 installed on a Win2K server
Running OWA (and )
ActiveSync for smartphones

Customer wants to apply an SSL certificate from a third party vendor to encrypt communication to clients and smartphone users. I would like to make the transition as smooth as possible, especially because the end users (about 200 of them) will need assistance to change their phone SSL settings.

I'm familiar with the logistics of creating the CSR for the certificate, applying the cert to Exchange IIS and enabling Port 443 at the firewall for communications.

My question is: Once the certificate is applied to the Exchange server, will the smartphone users still be able to communicate through port 80 and continue to pull email as normal? Or once the certificate is applied, will everyone need to change their settings immediately in order to access their email through 443?

Thank you,

A
0
Comment
Question by:aznetworks_net
8 Comments
 
LVL 6

Expert Comment

by:siht
ID: 35212139
We run Exchange 2007 and several HTC Desire (Android 2.2) phones plus one iPhone. There is a setting during the Exchange setup on the phones which says "This server requires an encrypted SSL connection" or just "Use SSL" for the iPhone. Unless this is selected the phones will not connect to Exchange.

I'd say all your users will need to change will be this setting in their phones.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1200 total points
ID: 35212143
Once the certificate is applied, your users should switch to HTTPS (port 443) for communication to the server to make things nice and secure.

If you get problems making it work, please have a read through my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 1

Expert Comment

by:hallcomis
ID: 35212151
I just upgraded our SSL cert and here is what I observed:

It was transparent for Blackberry users (BES and BIS) and iPhone users.  Droid users had to manually update the certificate on their phone.  On a few occasions, we had to remove the user's email account and set it back up on Droid devices but all in all it was fairly simple.
0
 

Author Comment

by:aznetworks_net
ID: 35212195
hallcomis:

That's pretty much what the users have in production: BES, iPhone and Android.

So, as soon as the SSL cert is applied all the Android phones will have to either enable the SSL option and update the cert or re-configure the account from scratch otherwise they will not retrieve email.

Did the iPhone recognize the cert in place and automatically enable the SSL option?

The bottom line is, because of my situation of having a small support staff, I would like to migrate the users in two or three phases. But obviously, if making the change will not allow them to access email, then it sounds like I will have to make the change on all smartphones at the same time.

A
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1200 total points
ID: 35212216
You can't migrate - it is either HTTP or HTTPS.  Once you install the certificate and enable SSL on the relevant virtual directories, then everyone will have to switch at once.

My article will advise you what directories need changing.
0
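To size the cutover described above, the following added example (not part of the original thread) lists the ActiveSync devices whose most recent request in an IIS W3C log still arrived on port 80. The log lines are constructed, and the plain `User`/`DeviceId`/`DeviceType` query string and the function names are assumptions of this example.

```python
from urllib.parse import parse_qs

# Constructed IIS W3C extended log lines (sample data, not from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2011-03-24 08:01:12 203.0.113.10 80 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=A1B2&DeviceType=Android&Cmd=Sync 200 Android/2.2
2011-03-24 08:01:40 203.0.113.11 443 POST /Microsoft-Server-ActiveSync User=asmith&DeviceId=C3D4&DeviceType=iPhone&Cmd=Sync 200 Apple-iPhone
2011-03-24 08:02:05 203.0.113.12 80 OPTIONS /Microsoft-Server-ActiveSync User=blee&DeviceId=E5F6&DeviceType=PocketPC 200 MSFT-PPC
2011-03-24 08:02:30 203.0.113.13 80 GET /exchange/bwong/Inbox - 200 Mozilla/4.0
2011-03-24 09:15:00 203.0.113.10 443 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=A1B2&DeviceType=Android&Cmd=Sync 200 Android/2.2
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def devices_still_on_http(text, vdir="/microsoft-server-activesync"):
    """Return sorted (user, device_id, device_type) whose latest request used port 80."""
    latest = {}
    for req in parse_w3c(text):
        if req["cs-uri-stem"].lower() != vdir:
            continue  # OWA and other virtual directories are out of scope here
        query = parse_qs(req["cs-uri-query"])
        key = (query.get("User", ["?"])[0].lower(), query.get("DeviceId", ["?"])[0])
        stamp = req["date"] + " " + req["time"]
        if key not in latest or stamp >= latest[key][0]:
            latest[key] = (stamp, req["s-port"], query.get("DeviceType", ["?"])[0])
    return sorted((user, dev, kind)
                  for (user, dev), (_, port, kind) in latest.items() if port == "80")


if __name__ == "__main__":
    for user, dev, kind in devices_still_on_http(SAMPLE_LOG):
        print(f"{user}\t{kind}\t{dev}")
```
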
 
LVL 1

Assisted Solution

by:hallcomis
hallcomis earned 800 total points
ID: 35212305
All our iPhones already were configured for SSL as we were using SSL before we ever introduced iPhones into the mix.  This is why we did not have an issue with them.  In your case, you will need to enable SSL on the iPhones once you install the cert.  
0
 

Author Comment

by:aznetworks_net
ID: 35212348
Thank you so much for your feedback.

alanhardisty: Fantastic article you wrote. One last question in regards to the actual third party SSL cert: the Exchange FQDN is "mail.xxxxxx.com", the DNS A record to access OWA from the outside world is "xxxxxxmail.xxxxx.com"... According to your article the cert should be created for mail.xxxxxx.com; will the users be able to access OWA through xxxxxmail.xxxxxx.com without cert issues?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35212378
As long as your IIS settings are correct, there shouldn't be any issues.  OWA uses the /exchange virtual directory whereas Activesync uses the /microsoft-server-activesync virtual directory.

The cert name should match the FQDN you use to access the server with and the name is not relevant.  If domain.com and mail.domain.com both resolve to your server's IP Address, then all will be well with either name.

You can make any name work for your domain - it is DNS that will make or break the name.

Alan
0
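The name check behind "the cert name should match the FQDN you use to access the server", as an added example that is not part of the original thread: it tests which client-facing hostnames a certificate covers, using a dict shaped like Python's `ssl.SSLSocket.getpeercert()` output. The `example.com` names and sample certificates are constructed, and the function names are this example's own.

```python
def name_matches(pattern, host):
    """Exact match, or a single leftmost '*' label covering exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Require at least *.domain.tld so that '*.com' never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_names(cert):
    """DNS names a client checks: subjectAltName first, commonName only as fallback."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ())
            for kind, value in rdn if kind == "commonName"]


def check_hosts(cert, hosts):
    """Map each hostname users will type to True if the certificate covers it."""
    names = cert_names(cert)
    return {host: any(name_matches(name, host) for name in names) for host in hosts}


# Constructed sample certificates (not taken from the thread).
CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}
SAN_BOTH = {"subject": ((("commonName", "mail.example.com"),),),
            "subjectAltName": (("DNS", "mail.example.com"),
                               ("DNS", "webmail.example.com"))}
SAN_ONE = {"subject": ((("commonName", "mail.example.com"),),),
           "subjectAltName": (("DNS", "webmail.example.com"),)}
WILDCARD = {"subject": ((("commonName", "*.example.com"),),)}

HOSTS = ["mail.example.com", "webmail.example.com"]

if __name__ == "__main__":
    for label, cert in [("CN only", CN_ONLY), ("SAN both", SAN_BOTH),
                        ("SAN one", SAN_ONE), ("wildcard", WILDCARD)]:
        print(label, check_hosts(cert, HOSTS))
```
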


Question has a verified solution.
