Getting an SSL certificate to connect mobile phones to SBS 2003 server

Hi,

I am setting up Exchange on an SBS 2003 Premium server, switching from a POP3 email system and some of the users will need to check their emails on their Blackberries, Nokias and iPhones.

Am I correct in thinking, unlike SBS 2007, the older version only requires a single domain SSL certificate for the mobiles to connect or do I need a multi domain package?

So if I go for remote.mydomain.com and tell my existing POP3 supplier to change the MX record to this one, what else do I need to change?
 
It's been a while since I last did this and seem to remember changing CNames and ReverseDNS?

Thanks
mikeabc27 Asked:
ormerodrutter Commented:
MX record will only affect the way your server receives email; it has nothing to do with pushing email to other handheld devices. It's ActiveSync or Blackberry Ent Server that deals with pushing emails to phones.

And yes you only need Single domain SSL.
mikeabc27 Author Commented:
Mainly Blackberries here - will Windows ActiveSync push emails out to them?
connectex Commented:
Exchange ActiveSync is used by Windows Mobile, Droid, and iPhones. For Blackberries the best option for your environment (SBS) is to use Blackberry Enterprise Server Express. You do not need a certificate for this product. You can get more information here: http://us.blackberry.com/apps-software/business/server/express/

-Matt-
connectex Commented:
Oh, one more thing: you may have additional monthly cost to use Blackberry Enterprise Server Express. Check with your cell provider if they charge more for use with Blackberry Enterprise Server. If they do, you can use Blackberry Internet Services (BIS). But it's not as good since it links them in via Outlook Web Access. It also requires that they update the BIS web site every time their password changes.

-Matt-
mikeabc27 Author Commented:
Thanks Matt, but where I have set this up 18 months ago I just used a GoDaddy SSL certificate (multi domain as it was for SBS 2008). Several iPhones and a Blackberry connect to this using remote.theirdomain.com as their mail server. So why wouldn't this work on SBS 2003 with a single domain certificate?


connectex Commented:
Ok. So if you don't have the BES software installed at the server you must be using BIS. For BIS the cell provider should have you log on to their BIS site. You'll then need to enter the username, password, and the URL of the Outlook Web Access (OWA) site. The URL should be https://remote.theirdomain.com/exchange. Have you tested going to the URL directly using an outside system? I'm curious if you get any errors.

-Matt-
mikeabc27 Author Commented:
I checked the server and no sign of any BES or other Blackberry apps, so like you say he must be using BES Express. I'm having a few problems with the link you attached - how much is the Express version, I seem to recall it was free (maybe for 90/120 day period only) when it first launched.

Currently the company with the SBS 2003 server have 10 users and pay £150 per year for 10 pop3 accounts, so they can receive Blackberry emails on their pop3 account for £15 a year per user.

I find it stupid for them to be using POP3 emails to send one to someone a few feet away from them when they have a perfectly good exchange server just sitting there.

I'm trying to sell them a cost saving over the next few years, but it's only now just hitting home that any potential would be offset by Blackberry charges and knowing Blackberry it will be substantially more.

Is there any other option?
connectex Commented:
Let me rehash this. Please note I'm in the U.S. so everything may not apply to your location.

Three options available:

1. BlackBerry Enterprise Server / BlackBerry Enterprise Server Express (BES) - Both products provide over the air (cell data plan) access to the Exchange mailbox, contacts, etc. It's the best solution as it fully integrates with Exchange server. It also has no issues with user account password changes. However your cell provider may charge more each month for the BES configuration. The cell provider controls BES/BIS (see below) setup on the device itself. And you may have to pay for the software or device licenses. I recommend you call BlackBerry or your cell provider as I can't provide reliable cost information.

2. BlackBerry Internet Service (BIS) - This is for those who don't want to deploy BES or pay the additional BES fees. This is the default unless you've told the cell provider you want BES setup as many BlackBerry devices are sold to end users and not company provided. It provides over the air access to Exchange mail only. It's set up via a cell provider provided web site. Once you log on to the web site, you enter an e-mail address, username, password, and URL for your company's Outlook Web Access (OWA). It also works with POP and IMAP mailboxes. When the user's password changes they must update the BIS site with the new one. I've also had cases when there's an internet outage to the OWA site that the users also had to update the BIS site before mail worked again.

3. BlackBerry desktop software - This is solely for synchronizing when cabled to a computer. However for those that just want contacts/calendar or want to synchronize the items that BIS won't do over the air.

Here's a good chart for comparing BES, BES Express and BIS options: http://www.scribd.com/doc/47946192/BES-vs-BES-Express-vs-BIS-comparison

-Matt-
mikeabc27 Author Commented:
Thanks Matt, great explanation.

From your descriptions they are already using BIS as they go onto a Vodafone (cell provider) website to set up their pop3 accounts. So hopefully the change will be quite easy.

You mentioned BES requires no SSL certificate, what about BIS?

connectex Commented:
Well, SBS 2008 by default uses a self-signed certificate. So you could try BIS with it. But I've always convinced my clients to purchase at least a basic SSL certificate via Go Daddy or other provider ($60/yr). If you really want the full functionality of SBS, then I recommend a 5 domain UCC certificate ($100/yr). Some functionality like Outlook Anywhere will need the autodiscover.domain.com in the certificate as well.
mikeabc27 Author Commented:
Using SBS 2003 not 2008. I've done this before on 2008 and got a GoDaddy 5 domain UCC.

So basic single domain SSL will be ok?
connectex Commented:
Yes, a single domain certificate should be fine for SBS 2003. Sorry I've done mostly SBS 2008 lately so that's my current mindset.
ormerodrutter Commented:
Ha ha isn't that what I said in my post?? :)
mikeabc27 Author Commented:
That's good as GoDaddy single domain SSLs are very cheap.

Our MX records point to our current POP3 company and I would like to change this to point to our SBS server at the weekend. If I buy a single domain where remote.mydomain.com = my-WAN-IP can I use this for my main MX record using my ISP as a secondary MX, and use the same certificate for BIS or do I need a UCC multi domain?
connectex Commented:
The certificate cannot be used for your ISP as a secondary MX. But it shouldn't be an issue as they will only be holding SMTP messages if your Exchange can accept them (i.e. connect or server down situations) which aren't secured anyways most of the time now. But the RWW, OWA will use the certificate without issue. Since BIS is connecting to OWA it should like it just fine.
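
The certificate-name coverage discussed in this thread (a single-domain certificate for the remote.* name used by OWA and RWW, versus a UCC certificate that also lists autodiscover), shown as an added example that is not part of the original posts. The example.com names and both certificate dictionaries are constructed placeholders, shaped like the output of Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: which hostnames does a certificate actually cover?
# Cert dicts follow the shape returned by ssl.SSLSocket.getpeercert();
# every name below is a constructed placeholder, not taken from the thread.

def cert_dns_names(cert):
    """Names a client matches against: SAN DNS entries if present,
    otherwise the subject commonName (legacy fallback)."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a wildcard that stands for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(cert, hosts):
    """Map each hostname to True if some certificate name covers it."""
    names = cert_dns_names(cert)
    return {h: any(name_matches(n, h) for n in names) for h in hosts}

# Constructed single-domain certificate (one name only).
SINGLE = {"subject": ((("commonName", "remote.example.com"),),),
          "subjectAltName": (("DNS", "remote.example.com"),)}
# Constructed UCC/multi-domain certificate (several SAN entries).
UCC = {"subject": ((("commonName", "remote.example.com"),),),
       "subjectAltName": (("DNS", "remote.example.com"),
                          ("DNS", "autodiscover.example.com"),
                          ("DNS", "example.com"))}

# Hostnames clients would connect to: OWA/RWW/BIS use remote.*,
# Autodiscover-dependent features use autodiscover.*.
HOSTS = ["remote.example.com", "autodiscover.example.com"]

if __name__ == "__main__":
    for label, cert in (("single-domain", SINGLE), ("UCC", UCC)):
        for host, ok in coverage(cert, HOSTS).items():
            print(f"{label:14} {host:26} {'covered' if ok else 'NAME MISMATCH'}")
```
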
mikeabc27 Author Commented:
Thanks for all the help