Solved

Will smartphone users be operational once SSL Certificate is applied to Exchange Server?

Posted on 2011-03-24
Last Modified: 2012-05-11
Hello Experts,

I have a customer whose setup consists of the following:

Win2k domain
Exchange 2003 installed on a Win2K server
Running OWA (and )
ActiveSync for smartphones

Customer wants to apply an SSL certificate from a third party vendor to encrypt communication to clients and smartphone users. I would like to make the transition as smooth as possible, especially because the end users (about 200 of them) will need assistance to change their phone SSL settings.

I'm familiar with the logistics of creating the CSR for the certificate, applying the cert to Exchange IIS and enabling Port 443 at the firewall for communications.

My question is: Once the certificate is applied to the Exchange server, will the smartphone users still be able to communicate through port 80 and continue to pull email as normal? Or once the certificate is applied, will everyone need to change their settings immediately in order to access their email through 443?

Thank you,

A
0
Question by:aznetworks_net
8 Comments
 
LVL 6

Expert Comment

by:siht
ID: 35212139
We run Exchange 2007 and several HTC Desire (Android 2.2) phones plus one iPhone. There is a setting during the Exchange setup on the phones which says "This server requires an encrypted SSL connection" or just "Use SSL" for the iPhone. Unless this is selected the phones will not connect to Exchange.

I'd say all your users will need to change will be this setting in their phones.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 300 total points
ID: 35212143
Once the certificate is applied, your users should switch to HTTPS (port 443) for communication to the server to make things nice and secure.

If you get problems making it work, please have a read through my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 1

Expert Comment

by:hallcomis
ID: 35212151
I just upgraded our SSL cert and here is what I observed:

It was transparent for Blackberry users (BES and BIS) and iPhone users.  Droid users had to manually update the certificate on their phone.  On a few occasions, we had to remove the user's email account and set it back up on Droid devices but all in all it was fairly simple.
0

Author Comment

by:aznetworks_net
ID: 35212195
hallcomis:

That's pretty much what the users have in production: BES, iPhone and Android.

So, as soon as the SSL cert is applied, all the Android phones will have to either enable the SSL option and update the cert or re-configure the account from scratch; otherwise they will not retrieve email.

Did the iPhone recognize the cert in place and automatically enable the SSL option?

The bottom line is, because of my situation of having a small support staff, I would like to migrate the users in two or three phases. But obviously if making the change will not allow them to access email, then it sounds like I will have to make the change on all smartphones at the same time.

A
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 300 total points
ID: 35212216
You can't migrate - it is either HTTP or HTTPS.  Once you install the certificate and enable SSL on the relevant virtual directories, then everyone will have to switch at once.

My article will advise you what directories need changing.
0
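
One way to see which ActiveSync devices still sync over port 80, so the handset changes discussed above can be scheduled before SSL is enforced. This is an added example, not part of the thread: the log lines, user names and device IDs are constructed, and it assumes IIS W3C extended logging with the `s-port` and `cs-uri-query` fields enabled.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-username s-port cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2011-03-24 09:00:01 203.0.113.10 jdoe 80 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=DROID01&DeviceType=Android&Cmd=Sync 200 Android/2.2
2011-03-24 09:00:05 203.0.113.11 asmith 443 POST /Microsoft-Server-ActiveSync User=asmith&DeviceId=IPH01&DeviceType=iPhone&Cmd=Sync 200 Apple-iPhone/802.117
2011-03-24 09:01:00 203.0.113.12 bwong 80 GET /exchange/ - 200 Mozilla/4.0
2011-03-24 09:02:00 203.0.113.10 jdoe 80 POST /Microsoft-Server-ActiveSync User=jdoe&DeviceId=DROID01&DeviceType=Android&Cmd=Ping 200 Android/2.2
2011-03-24 09:03:00 203.0.113.13 mlee 80 OPTIONS /Microsoft-Server-ActiveSync User=mlee&DeviceId=DROID02&DeviceType=Android 200 Android/2.2
2011-03-25 10:00:00 203.0.113.13 mlee 443 POST /Microsoft-Server-ActiveSync User=mlee&DeviceId=DROID02&DeviceType=Android&Cmd=Sync 200 Android/2.2
"""

def activesync_transport(log_text):
    """Map (user, device_id, device_type) to the server port of its latest request."""
    fields, last_port = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order is declared in the log itself and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != "/microsoft-server-activesync":
            continue  # OWA and other traffic is out of scope here
        if "s-port" not in row:
            continue  # port logging not enabled for this section of the log
        query = parse_qs(row.get("cs-uri-query", ""))
        key = tuple(query.get(k, ["?"])[0] for k in ("User", "DeviceId", "DeviceType"))
        last_port[key] = int(row["s-port"])  # entries are chronological
    return last_port

def still_on_http(log_text):
    """Devices whose most recent ActiveSync request arrived on port 80."""
    return sorted(k for k, port in activesync_transport(log_text).items() if port == 80)

if __name__ == "__main__":
    for user, device_id, device_type in still_on_http(SAMPLE_LOG):
        print(f"{user}: {device_type} {device_id} still syncing over HTTP")
```
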
 
LVL 1

Assisted Solution

by:hallcomis
hallcomis earned 200 total points
ID: 35212305
All our iPhones already were configured for SSL as we were using SSL before we ever introduced iPhones into the mix.  This is why we did not have an issue with them.  In your case, you will need to enable SSL on the iPhones once you install the cert.  
0
 

Author Comment

by:aznetworks_net
ID: 35212348
Thank you so much for your feedback.

alanhardisty: Fantastic article you wrote. One last question in regards to the actual third party SSL Cert: the Exchange FQDN is "mail.xxxxxx.com", the DNS A record to access OWA from the outside world is "xxxxxxmail.xxxxx.com"... According to your article the cert should be created for mail.xxxxxx.com; will the users be able to access OWA through xxxxxmail.xxxxxx.com without cert issues?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35212378
As long as your IIS settings are correct, there shouldn't be any issues.  OWA uses the /exchange virtual directory whereas Activesync uses the /microsoft-server-activesync virtual directory.

The cert name should match the FQDN you use to access the server with and the name is not relevant.  If domain.com and mail.domain.com both resolve to your server's IP Address, then all will be well with either name.

You can make any name work for your domain - it is DNS that will make or break the name.

Alan
0
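
The name check a phone or browser applies to the server certificate, as an added example that is not part of the thread: it takes certificate dictionaries in the shape Python's `ssl` `getpeercert()` returns and lists which host names would fail the match. The `example.com` host names and the three certificates are constructed placeholders.

```python
def cert_dns_names(cert):
    """Names a client compares against: subjectAltName DNS entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans  # when DNS SANs exist, the CN is not consulted
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive label-by-label match; '*' only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hosts_with_cert_warning(cert, client_hosts):
    """Host names users type (or phones are configured with) that the cert does not cover."""
    names = cert_dns_names(cert)
    return [h for h in client_hosts if not any(name_matches(n, h) for n in names)]

# Constructed certificates: single name, two SAN entries, and a wildcard.
SINGLE = {"subject": ((("commonName", "mail.example.com"),),)}
MULTI = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "mail.example.com"), ("DNS", "webmail.example.com")),
}
WILD = {"subject": ((("commonName", "*.example.com"),),)}

# Constructed list of names that all resolve to the same server in this scenario.
CLIENT_HOSTS = ["mail.example.com", "webmail.example.com", "example.com"]

if __name__ == "__main__":
    for label, cert in (("single", SINGLE), ("multi-SAN", MULTI), ("wildcard", WILD)):
        print(label, "->", hosts_with_cert_warning(cert, CLIENT_HOSTS) or "all covered")
```
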

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question