My organization has decided to replace our Blackberry phones with iPhone 4S phones. We are currently using BES Express, which I will be removing soon. Our Exchange server is behind our firewall (not in a DMZ) and email traffic is port forwarded to it. We are using Exchange Server 2007 SP2, which is installed on a Server 2008 64-bit Standard machine. Outlook Web Access is currently not accessible from outside our LAN. Our Exchange server is using a self-signed certificate which I created after the default certificate expired after one year. We want to use certificate-based authentication instead of basic authentication.
It is my understanding that Outlook Web Access needs to be accessible from outside the domain (or at least TCP 443, which OWA utilizes) on the Exchange server for these phones to communicate with the server. I have also read that the iPhones will receive certificate validation errors unless I use an SSL certificate from a CA in our domain or a third-party CA. I'm considering purchasing an SSL certificate from godaddy.com for our Exchange server. I've read that I will need to generate a certificate request using the Exchange shell to send to the third party that we are requesting the certificate from. Afterwards, I will need to install the certificate on the Exchange server.
So, after I have made the appropriate changes to the firewall to port forward traffic to our email server and I have purchased an SSL certificate from a trusted provider, what do I do next to integrate the iPhone with our environment? I have read the documentation on Apple's website (if you can call it documentation, more like guidelines). I've read a little about enabling an ActiveSync policy, but I am still unsure of how to get the ActiveSync policy onto the iPhone. Do I have to use the iPhone Configuration Utility or is this optional? Do I simply configure an ActiveSync policy and then connect the iPhone to the Exchange server via the "Mail" app on the phone?