Solved

Will smartphone users be operational once SSL Certificate is applied to Exchange Server?

Posted on 2011-03-24
Last Modified: 2012-05-11
Hello Experts,

I have a customer whose setup consists of the following:

Win2k domain
Exchange 2003 installed on a Win2K server
Running OWA (and )
ActiveSync for smartphones

Customer wants to apply an SSL certificate from a third party vendor to encrypt communication to clients and smartphone users. I would like to make the transition as smooth as possible, especially because the end users (about 200 of them) will need assistance to change their phone SSL settings.

I'm familiar with the logistics of creating the CSR for the certificate, applying the cert to Exchange IIS and enabling Port 443 at the firewall for communications.

My question is: Once the certificate is applied to the Exchange server, will the smartphone users still be able to communicate through port 80 and continue to pull email as normal? Or once the certificate is applied, will everyone need to change their settings immediately in order to access their email through 443?

Thank you,

A
0
Question by:aznetworks_net
8 Comments
 
LVL 6

Expert Comment

by:siht
ID: 35212139
We run Exchange 2007 and several HTC Desire (Android 2.2) phones plus one iPhone. There is a setting during the Exchange setup on the phones which says "This server requires an encrypted SSL connection" or just "Use SSL" for the iPhone. Unless this is selected the phones will not connect to Exchange.

I'd say all your users will need to change will be this setting in their phones.

0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 1200 total points
ID: 35212143
Once the certificate is applied, your users should switch to HTTPS (port 443) for communication to the server to make things nice and secure.

If you get problems making it work, please have a read through my article:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_1798-Exchange-2003-Activesync-Connection-Problems-FAQ.html
0
 
LVL 1

Expert Comment

by:hallcomis
ID: 35212151
I just upgraded our SSL cert and here is what I observed:

It was transparent for Blackberry users (BES and BIS) and iPhone users.  Droid users had to manually update the certificate on their phone.  On a few occasions, we had to remove the user's email account and set it back up on Droid devices but all in all it was fairly simple.
0
 

Author Comment

by:aznetworks_net
ID: 35212195
hallcomis:

That's pretty much what the users have in production: BES, iPhone and Android.

So, as soon as the SSL cert is applied all the Android phones will have to either enable the SSL option and update the cert or re-configure the account from scratch otherwise they will not retrieve email.

Did the iPhone recognize the cert in place and automatically enable the SSL option?

The bottom line is, because of my situation of having a small support staff, I would like to migrate the users in two or three phases. But obviously, if making the change will not allow them to access email, then it sounds like I will have to make the change on all smartphones at the same time.

A
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 1200 total points
ID: 35212216
You can't migrate - it is either HTTP or HTTPS.  Once you install the certificate and enable SSL on the relevant virtual directories, then everyone will have to switch at once.

My article will advise you what directories need changing.
0
 
LVL 1

Assisted Solution

by:hallcomis
hallcomis earned 800 total points
ID: 35212305
All our iPhones already were configured for SSL as we were using SSL before we ever introduced iPhones into the mix.  This is why we did not have an issue with them.  In your case, you will need to enable SSL on the iPhones once you install the cert.  
0
 

Author Comment

by:aznetworks_net
ID: 35212348
Thank you so much for your feedback.

alanhardisty: Fantastic article you wrote. One last question in regards to the actual third party SSL cert: the Exchange FQDN is "mail.xxxxxx.com", the DNS A record to access OWA from the outside world is "xxxxxxmail.xxxxx.com"... According to your article the cert should be created for mail.xxxxxx.com; will the users be able to access OWA through xxxxxmail.xxxxxx.com without cert issues?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 35212378
As long as your IIS settings are correct, there shouldn't be any issues.  OWA uses the /exchange virtual directory whereas Activesync uses the /microsoft-server-activesync virtual directory.

The cert name should match the FQDN you use to access the server with and the name is not relevant.  If domain.com and mail.domain.com both resolve to your server's IP Address, then all will be well with either name.

You can make any name work for your domain - it is DNS that will make or break the name.

Alan
0
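An added example, not part of the thread or of the linked article: the comparison a TLS client makes between the name it connected to and the names in the server certificate, which is the check behind the asker's "mail" versus "webmail" question. The hostnames are constructed placeholders under example.com, and the function names are hypothetical.

```python
# Added example. Hostnames are constructed placeholders, not the poster's real names.
# Assumption: the client follows RFC 6125-style rules (SAN dNSName entries take
# precedence over the subject CN; a wildcard covers exactly one left-most label).

def name_matches(pattern, host):
    """Compare one certificate name (possibly a wildcard) against a hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # wildcard must be the whole left-most label and sit above a real domain
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_covers(host, subject_cn, san_dns):
    """True if a client connecting to `host` finds a matching name in the cert.
    If the certificate has any SAN dNSName entries, the subject CN is ignored."""
    names = list(san_dns) if san_dns else [subject_cn]
    return any(name_matches(n, host) for n in names)


def audit(access_names, subject_cn, san_dns=()):
    """Map every name users type (OWA URL, ActiveSync server field) to pass/fail."""
    return {h: cert_covers(h, subject_cn, san_dns) for h in access_names}


if __name__ == "__main__":
    # The two names from the question, as placeholders: internal FQDN and public A record.
    access = ["mail.example.com", "webmail.example.com"]

    # Certificate issued only for the server FQDN: the public name triggers a warning.
    print(audit(access, "mail.example.com"))

    # Certificate listing both names as SAN entries: both names validate.
    print(audit(access, "mail.example.com",
                ["mail.example.com", "webmail.example.com"]))

    # Wildcard certificate: covers both hosts, but not the bare domain.
    print(audit(access + ["example.com"], "example.com", ["*.example.com"]))
```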


Question has a verified solution.
