Exchange 2007 Iphone UNABLE TO VERIFY CERTIFICATE

Hi,

Every time when I have to set an Iphone with Exchange 2007 (3rd party certificate)  I  receive "UNABLE TO VERIFY CERTIFICATE" in Iphone. I press Ok and it works.

But now I am renewing my certificate and all Iphone users will receive this message. I would like to avoid this message otherwise a lot of users will ask me about this message.

Thank you

Best Regards

Racy
decioracyAsked:
Who is Participating?
 
Zenith63Connect With a Mentor Commented:
As others have said the best bet would be to fix the cert issue, if you've gone to the expense of purchasing a cert you may as well have it working right :).  Again as others have said the most common cause is the IIS server on your CAS is not supplying the intermediate cert when the phone connects.  Browsers on desktops can often use AIA info embedded in the server (leaf) cert to go and get the intermediate cert, smartphones typically won't do this though so the IIS server needs to supply it.

There are loads of good guides on sorting this out, it's worth visiting http://www.sslshopper.com/ssl-checker.html, stick in the server address that you usually enter on the phone and see the result of the test, it will identify the issue for you in most cases.
0
 
MikeIT ManagerCommented:
Best bet would be to send out an organization wide email advising users that if they receive this message on their iPhone to tap Ok/Continue/yes.

I've always had good luck with GoDaddy SSL certs and iphones.  I've used them in 2 organizations with iphones and the only time I've received that message was because we didnt put our cert on automatic renewal.
0
 
Iradat SiddiquiCommented:
did your exchange certificate includes autodiscover.yourcompany.com ?
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
decioracyAuthor Commented:
Iradatsiddiqui,

I dont have it ...  It is an Exchange 2007 with a Single Name SSL Certificate
0
 
MikeIT ManagerCommented:
Your SSL cert should include your external OWA name, autodiscover.yourcompany.com, and obviously whatever FQDN you are using for your MX record.
0
 
decioracyAuthor Commented:
Shadowless127,

External OWA name ok

Autodiscover no, It is an Exchange 2007 with a Single Name SSL Certificate
0
 
Iradat SiddiquiCommented:
your ssl certificate should have your external owa name like. mail.yourcompany.com and internal fqdn mail.yourdomain.com and autodiscover.yourcompany.com and mx recored should point to mail.yourcompany.com

I am using the certificate from godaddy.com , I never came across any issue using it.
0
 
Simon Butler (Sembee)ConsultantCommented:
Who issued the SSL certificate?

Are you not usinOutlookoAnywherere externally then? You can only get full Exchange functionality with a single name SSL certificate if you are using one of the alternative methods for autodiscover.

Simon.
0
 
decioracyAuthor Commented:
0
 
XinjitzuConnect With a Mentor Commented:
Does the host address you're having the users type in the setup match the name on your certificate exactly? do you get any warnings when accessing from a PC? is the iPhone running the latest updates ?(so it has all root and intermediate CA's)
0
 
decioracyAuthor Commented:
Hi,

Xinjitzu !

Good tip .... maybe it is a problem with intermadiate certificate .... because some Iphones have an old firmware ....  because I dont have a problem when I am using a PC
0
 
decioracyAuthor Commented:
Doing a research .... it could be a problem with Apache  intermadiate certificate  (it redirects the OWA to Exchange)
0
 
decioracyAuthor Commented:
Intermediate CA's was the problem, I installed it in CAS and Apache and It is working .... thank all of you


Best Regards

Racy
0
All Courses

From novice to tech pro — start learning today.