Solved

New Exchange Server 2007 Self Signed Certificate causing an issue with iPads accessing emails

Posted on 2012-03-26
Last Modified: 2012-03-26
We have 65 iPads which all connect to our Exchange 2007 email server. When I set up the account on the iPads we get a "certificate is invalid" message and I click Details and select to trust the server.

The connection has always worked that way.

On Friday our email server told me during routine checks that the self-signed certificate of the server was 18 months expired, and it gave me details on how to set up a new self-signed certificate. I did this and deleted the old expired certificate.

All the iPads will not connect to the server now; they receive a "The connection to the server failed" error. I have played around with the settings on the iPads but nothing seems to work.

SSL is enabled on the iPad connection. Even without SSL enabled we get no connection.
Question by:Wilkinson1546
15 Comments
 
LVL 8

Expert Comment

by:Elmar-H
ID: 37765311
On the iPad you must agree to the new cert. The easiest way is to email the new cert to the iPad (or download it) and import it into the iPad...
0
 

Author Comment

by:Wilkinson1546
ID: 37765316
It's ironic emailing a cert as email doesn't work, but I will have a go with other email accounts.

Is there a way to disable the cert while I email, or is this not possible?

Thanks for superfast reply
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37765326
If you spend $60 on a 3rd party SSL Certificate with multiple domain names (SAN / UCC cert), then the problem would resolve itself the moment you install the certificate.
0
 

Author Comment

by:Wilkinson1546
ID: 37765334
This is an internal domain which doesn't really require SSL. Would purchasing a cert still be beneficial for us?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765370
If you want to save the errors and not have issues with the devices, then yes.

You can also use OWA without errors and it will make renewing it much less painful as you will not have to install the cert on each device every time you renew it.

I know which route I would go down :)
0
 

Author Comment

by:Wilkinson1546
ID: 37765376
EXCHANGE WILL NOT LET ME REMOVE THE CERTIFICATE WITHOUT HAVING ANOTHER ONE IN PLACE FIRST - ANY CLUES ON HOW TO FORCE THIS? OR MAKE THE CURRENT ONE EXPIRE?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765378
Why are you trying to remove the cert - and please take your CAPS lock off - it implies that you are shouting, which will get some people's backs up.
0
 

Author Comment

by:Wilkinson1546
ID: 37765397
No, sorry, wasn't shouting (I will remember that though).

I thought if I remove the cert the devices will simply work as they did before I applied the cert.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765404
No worries - I am thick-skinned :)

They won't start working if you remove the existing certificate as they require a cert to work and the cert has to be current and valid.

You can either renew the existing self-issued cert and then get each device to trust it by installing it as already suggested, or buy a 3rd party one for about $60 and then install that and then the iPads will start to work immediately.
0
 

Author Comment

by:Wilkinson1546
ID: 37765423
Do you recommend a place to get certs or should I look it up?

I have used GoDaddy before; they seemed reasonable.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765427
GoDaddy are fine - I have a reseller account (see my profile), which are slightly cheaper.

They both work happily (I use ones from my reseller account all the time). Which one you opt for is entirely up to you - there is no difference between them apart from the name of the issuer (GoDaddy vs Starfield).
0
 

Author Comment

by:Wilkinson1546
ID: 37765506
If I installed one now for Exchange 2007, would I need to replace it for Exchange 2010?

I am upgrading in the next couple of weeks.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765508
No - you can transfer it across - you may have to rename the names in the cert, but you won't have to buy another one until it expires.
0
 

Author Comment

by:Wilkinson1546
ID: 37765535
I will have a think and try to postpone until server 2010 is up and running.

Thanks
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37765546
No probs - although if it is only for internal use - you get up to 5 names included in your certificate, so you should be able to accommodate both the old server (Exchange 2007) and the new server (Exchange 2010) in the same certificate.

The names you would normally need for external use are:

mail.externaldomain.com (or whatever you prefer to use)
autodiscover.externaldomain.com
internalservername.internaldomain.local
internalservername
0
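
The certificate swap discussed in this thread, in the order that avoids the removal error reported above, as an added example for the Exchange 2007 Management Shell (not code from any poster). File paths, the subject organisation and country, and the old thumbprint are placeholders, and the host names are the illustrative ones from the last answer.

```powershell
# Run in the Exchange Management Shell on the Exchange 2007 server.
# Host names are the illustrative ones from the thread; replace with your own.
$names = 'mail.externaldomain.com',
         'autodiscover.externaldomain.com',
         'internalservername.internaldomain.local',
         'internalservername'

# 1. Inventory first: which certificates exist, when they expire,
#    whether they are self-signed and which services are bound to them.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, NotAfter, IsSelfSigned, Services, CertificateDomains

# 2. Create the request for a multi-name (SAN/UCC) certificate.
#    -PrivateKeyExportable lets the same certificate be moved to the
#    Exchange 2010 server later instead of buying a second one.
#    Path, organisation and country below are placeholders.
New-ExchangeCertificate -GenerateRequest -Path 'C:\certs\exchange.req' `
    -KeySize 2048 `
    -SubjectName 'c=GB, o=Example Ltd, cn=mail.externaldomain.com' `
    -DomainName $names `
    -PrivateKeyExportable $true

# 3. When the CA returns the signed certificate, import it on the SAME
#    server that generated the request (the private key lives there),
#    then bind it to IIS, which serves ActiveSync and OWA.
$cert = Import-ExchangeCertificate -Path 'C:\certs\exchange.cer'
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS'

# 4. Confirm the new certificate is valid, lists every expected name
#    and carries the IIS service before touching the old one.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List Subject, NotAfter, Status, Services, CertificateDomains

# 5. Only now remove the old certificate. Exchange refuses to remove a
#    certificate that is still the only one bound to a service.
#    '<OLD-THUMBPRINT>' is a placeholder taken from the step 1 output.
Remove-ExchangeCertificate -Thumbprint '<OLD-THUMBPRINT>'
```

Under the CA/Browser Forum Baseline Requirements, publicly trusted CAs no longer issue certificates for internal names such as `.local` hosts or bare server names, so on a current deployment the last two names need an internal CA or a move to public host names.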
