rhwimmers (United States of America) asked:
Exchange 2003 SSL cert errors - won't sync with Android phones

I have an 03 Exchange box (actually SBS 2003) that had a self-signed cert, and I was not able to get Android phones working on it. I decided to get a standard cert from GoDaddy and I got that installed. It looks like my cert isn't the correct one being used - when doing a testexchangeconnectivity.com test I get a lot of SSL failures:
Certificate name validation failed. - referencing *.ipower.com (which is the DNS host for this site)
None of the autodiscover is working either. How can I verify what cert it's using? Going to the website mail.domain.com, I click the SSL icon and see godaddy.com - and in IIS properties/directory security for the default website (including Exchange), it shows the right cert.
Nagendra Pratap Singh (Australia):

Try OWA with SSL and see if you get same errors?

Please upload the screenshot here.
rhwimmers (asker):
Huh? Try OWA with SSL? I can log in to OWA just fine with SSL (it redirects me automatically from HTTP to HTTPS). Note that I do need to type mail.domain.com/exchange to get to OWA; it doesn't auto-redirect me there.
There is no autoconfigure deal in 03, is there? Thought that was an 07+ thing?

I made a change to the default website to require SSL and 128-bit, and now testexchange gives this:

The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

I just ran it again after a reboot (IIS started acting up after doing the above - the service wouldn't start). Here is what I am getting now:

ExRCA is attempting to obtain the SSL certificate from remote server domainname.com on port 443.
    ExRCA successfully obtained the remote SSL certificate.

    Additional Details
    Remote Certificate Subject: CN=*.ipower.com, OU=Domain Control Validated - RapidSSL(R), OU=See www.rapidssl.com/resources/cps (c)11, OU=GT54361831, O=*.ipower.com, C=US, SERIALNUMBER=QUnNCHEImAP-b0sVK1xZgonhN8KLveyV, Issuer: CN=RapidSSL CA, O="GeoTrust, Inc.", C=US.

NOTE - I AM NOT USING IPOWER. They are just hosting DNS for the A record.
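The check the asker is after (which certificate the server actually presents on port 443, and whether its names cover the hostname the client typed) as an added Python example; this is not code from the thread or from any of the posters. Chain validation is left on so a self-signed cert is reported as untrusted, while the name check is done locally so that a mismatching cert such as the `*.ipower.com` one above is still shown rather than hidden behind an exception. The default hostname `mail.example.com` is a placeholder.

```python
import socket
import ssl


def _pattern_matches(pattern, hostname):
    """RFC 6125-style name match: a leading '*' covers exactly one DNS label."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # "*.ipower.com" -> ".ipower.com"
    first_label = hostname[:-len(suffix)] if hostname.endswith(suffix) else ""
    return first_label != "" and "." not in first_label


def cert_dns_names(cert):
    """Names a client will accept, for a cert in the dict shape that
    ssl.SSLSocket.getpeercert() returns: SAN dNSName entries if present,
    otherwise the subject commonName (the case for the *.ipower.com cert)."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [value for rdn in cert.get("subject", ())
                 for key, value in rdn if key == "commonName"]
    return names


def hostname_matches(hostname, cert):
    return any(_pattern_matches(name, hostname) for name in cert_dns_names(cert))


def check_served_cert(hostname, port=443):
    """Connect and report what was served: trusted chain or not, the names on the
    cert, and whether one of them covers `hostname`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False                # verify_mode stays CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=10) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
        except ssl.SSLCertVerificationError as exc:
            # e.g. a self-signed cert whose CA is not in the client trust store
            return {"trusted": False, "name_ok": False, "names": [],
                    "error": exc.verify_message}
    return {"trusted": True, "name_ok": hostname_matches(hostname, cert),
            "names": cert_dns_names(cert),
            "issuer": dict(pair for rdn in cert["issuer"] for pair in rdn)}


if __name__ == "__main__":
    import sys
    print(check_served_cert(sys.argv[1] if len(sys.argv) > 1 else "mail.example.com"))
```

A result of `trusted: True` with `name_ok: False` and `names: ['*.ipower.com']` is exactly the ExRCA failure above: the chain is fine, but the host the A record resolves to is presenting somebody else's certificate.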
Autodiscover is an Exchange 2007 and higher feature.
As you are using Exchange 2003 it doesn't apply for you.
On the test site you need to choose the option to manually enter the details. Then you enter the host name that you put on the SSL certificate.
The same will apply to any mobile devices, you cannot use any of the automated tools to configure them, you need to choose to manually enter things.

Simon.
TI2Heaven:

Just in case you miss this point: when you self-signed your certificate, you need to install your CA certificate in all your clients (mobiles). Most mobiles have only a few CAs installed, so it might be that your chosen CA is not one installed on your mobiles.
Right, which is why I switched them to a GoDaddy cert, so you don't have to mess with putting certs on phones.
I used testexchangecon manually and that worked MUCH better! Trying the setup on a phone now to confirm. I believe the user did mess with putting certs on the phone manually, but that shouldn't mess anything up, right? Just having more certs in your CA is nbd?
Depends how they did the certificates. It can screw things up if they put the personal certificate (the certificate issued to your server) in as the root certificate - the device gets confused and cannot complete the chain of trust correctly.

Simon.
Asker-certified solution by TI2Heaven