Asked by BeerTime

Configure SSL certificate on Exchange 2003 for active sync

Hi everyone,

We have an Exchange 2003 Standard, SP2 configured to use Active Sync for iPhone.  We also have OWA enabled on the same Exchange server to use SSL certificate from VeriSign.  Please see the Default, Exchange and Microsoft-Server-Activesync virtual directory IIS configurations below.

Exchange Default Web Site
•      Secure Communications = Require SSL NOT ticked

Exchange Virtual Directory
•      Authentication = Integrated & Basic
•      Default Domain = NetBIOS domain name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL NOT ticked

Microsoft-Server-Activesync Virtual Directory
•      Authentication = Basic
•      Default Domain = NETBIOS domain name
•      IP Address Restrictions = Granted Access
•      Secure Communications = Require SSL and Require 128-Bit Encryption IS ticked
•      Client certificate = Ignore client certificates

The Verisign SSL certificate is installed on the IIS default folder and OWA is using the certificate without a problem.

Question: When I configure iPhone with Exchange, it is not giving me a prompt to accept the certificate on the iPhone.  But it only authenticates if SSL is enabled on the iPhone.  How do I confirm if the VeriSign certificate is used on the iPhone when connecting to Exchange? Am I missing any steps?

Thank you so much for all your help in advance!!

Justin Durrant

What model iOS and iPhone? iOS 3.1 and above enables device encryption, which does not work well with Exchange 2003. You will need to modify your Activesync policy/policies to not require encryption.
askurat1

The certificate is definitely being used on the phone. Otherwise you would get a certificate error when trying to connect.
BeerTime

ASKER

Thanks, I am using iPhone 4G and iPad2.  Is there any way I can tell the SSL certificate is being used on the iPhone?  Sorry, a question was asked and I am trying to prove to them the certificate is being used...that's all.

Thank you!
askurat1

There is no way to see it, but if you connect without any cert errors you are using the cert, no question.
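
The check discussed in the replies above can also be run from a workstation instead of the phone. This is an added example, not part of the original thread: it connects the way a validating client does (system trust store plus host name check) and reports the issuer of the certificate the server presents. The host name `mail.example.com` and both sample certificates are constructed placeholders.

```python
import socket
import ssl
import sys

# Constructed samples in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CA_ISSUED = {
    "subject": ((("commonName", "mail.example.com"),),),
    "issuer": ((("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA G1"),)),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}
SAMPLE_SELF_SIGNED = {
    "subject": ((("commonName", "exch01.corp.local"),),),
    "issuer": ((("commonName", "exch01.corp.local"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

def _names(rdns):
    """Flatten getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in rdns for key, value in rdn}

def summarize(cert):
    """Pull out the fields that show which certificate is in use."""
    subject, issuer = _names(cert["subject"]), _names(cert["issuer"])
    return {
        "subject_cn": subject.get("commonName"),
        "issuer_org": issuer.get("organizationName"),
        # Subject equal to issuer means a self-issued certificate.
        "self_signed": cert["subject"] == cert["issuer"],
        "expires_epoch": ssl.cert_time_to_seconds(cert["notAfter"]),
    }

def check_server(host, port=443, timeout=10):
    """Handshake with full validation; a failure here is what a client warns about."""
    ctx = ssl.create_default_context()  # system trust store, host name check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"trusted": True, **summarize(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        return {"trusted": False, "reason": exc.verify_message}

if __name__ == "__main__":
    # Hypothetical usage: python check_cert.py mail.example.com
    if len(sys.argv) > 1:
        print(check_server(sys.argv[1]))
    else:
        print(summarize(SAMPLE_CA_ISSUED))
```

A server that only offers protocol versions the local Python/OpenSSL build refuses will fail the handshake with a plain `ssl.SSLError` before any certificate is checked; that error is not caught here.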
BeerTime

ASKER

Thanks guys.  I've downloaded an "activesync tester" on the iPhone and it passed all tests including certificate.  I get an error message if the "enforce password on device" activesync policy is enabled.  One of the users mentioned that when he used an iPhone from another organization, he used to get a prompt to accept the certificate on the device upon setting up the Exchange mailbox wirelessly. Do you know if he refers to a server-based certificate as opposed to a 3rd party one like VeriSign?

Please see the attached document from Apple, Certificate-based Authentication section, and tell me if this makes any sense.
Sorry for the trouble but I really appreciate all your help!!
iPhone-Business.pdf
askurat1

I have never had to accept a certificate on an iPhone or iPad and I have set up hundreds.
BeerTime

ASKER

Thanks again.  Based on your feedback, is it safe to assume then that you only need to download a self-generated certificate on the iPhone manually?  Any third party SSL certificate like the one from VeriSign will not be prompted to get installed on the iPhone?

Thanks!
BeerTime

ASKER

Appreciate all your help on this!
BeerTime

ASKER

Thanks for all your help!