Configure certificate-based authentication for Exchange ActiveSync

Hello Team,

we havign the Exchange 2013 CU8 in environement
I want to know the configuration Requirement to enable our IOS devices to use certificate authentication for active sync instead of username and password.

Please suggest what configuration requirement is, we are currently having 8 Exchange server

Addy NadiaExpertAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rahul MehtaApple certified TECHNICAL COORDINATORCommented:
Apple iPads and iPhones support PKCS1-formatted X.509 certificates, stored in files ending with .crt, .cer, .pem or .der. You can use these certificates to identify CAs, servers or individual users and devices. Here's how to add CA certificates used during enterprise Web, email, VPN or wireless LAN (WLAN) server authentication.

Ways to deploy configuration profiles

Via Web
Direct employees to a Web page where your CA certificate is posted. Any user who clicks on the certificate file URL will launch a dialog similar to that described above. Although this method is also vulnerable to phishing, it can be strengthened by hosting the CA certificate on a secure website, and you can advise users to ensure that they reach the legitimate website before downloading your certificate by logging into a corporate Web portal first.
Via email
The least secure method is to simply email your trusted CA certificates to employees. Any user that clicks on this attachment launches an Install Profile dialog that warns that the CA certificate about to be installed is not trusted. If the user clicks Install, he will be further warned that the authenticity of the subject cannot be verified and that installing the profile will add it to the list of trusted certificates on that iPad or iPhone.

When using this method, counsel users to make a one-time exception and never install any other CA certificates, even if they appear to be from the IT department.

Via Profiles
By connecting an iOS device to a computer running the iPhone Configuration Utility
By pushing profiles to an iOS device workgroup using Apple Configurator (ideal for small organizations with fewer than 30 devices)
Over the air using an MDM tool (most businesses should consider MDM for fully automated, user-transparent iOS configurations)
Addy NadiaExpertAuthor Commented:
i need what configuration is required at Server side and what is at Client side
Rahul MehtaApple certified TECHNICAL COORDINATORCommented:
From your end you can use apple server or use MDM solution.
Even apple configurator can do the work for you.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Addy NadiaExpertAuthor Commented:
MDM is already there.. but what server side configuration is required and what client side
Rahul MehtaApple certified TECHNICAL COORDINATORCommented:
On MDM you need to create a profile by adding all information, and Push this profile on client.

in details:

First long in to your MDM and bind all your clint to it. to bind you need to ask then to enrol to your MDM.
once they get enrol they will be shown in your devices list. Make a group.

then you created a profile with your polices and push it to the client.

first you have to be go through you MDM software. if you can share your MDM info i can through their website and guide you.
Addy NadiaExpertAuthor Commented:
i think you are not getting my question correctly.

Please tell what configuration requirement is needed on Exchange 2013 , AD and Internal PKI and Mailmarshall Gateway we are using
Rahul MehtaApple certified TECHNICAL COORDINATORCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Addy NadiaExpertAuthor Commented:
this for Exchange 2010.. i have only exchange 2013
Rahul MehtaApple certified TECHNICAL COORDINATORCommented:
steps are same.
Addy NadiaExpertAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.