asked on Exchange Certificate Renewal not Being Accepted by iOS Mail App
This weekend we renewed our certificate in Exchange using our CA. Everything installed normally and Exchange ECP shows the renewed certificate as Valid. After testing Outlook, OWA and email on my android phone, I saw that everything was pulling the new certificate and mail was flowing on the devices normally.
The next day we started getting calls from iOS users stating they cannot access email on their iPhones or iPads. They are getting an error that says, "Cannot Verify Server Identity: The identity of "autodiscover.mydomain.com
Anybody have any thoughts on how to fix this for iOS users? People using the Outlook App on Apple devices are able to access email fine. It's only people using the built-in Mail app provided by Apple.
Troubleshooting I've tried:
Rebooting the Exchange server to reset IIS and other services
Restarting Apple device
Removing and re-adding Exchange account from Apple device
Temporarily turning off SSL on Apple device
Tested adding Exchange account to an Apple device that has never touched our Exchange server
Thank you for the help!
The next day we started getting calls from iOS users stating they cannot access email on their iPhones or iPads. They are getting an error that says, "Cannot Verify Server Identity: The identity of "autodiscover.mydomain.com
Anybody have any thoughts on how to fix this for iOS users? People using the Outlook App on Apple devices are able to access email fine. It's only people using the built-in Mail app provided by Apple.
Troubleshooting I've tried:
Rebooting the Exchange server to reset IIS and other services
Restarting Apple device
Removing and re-adding Exchange account from Apple device
Temporarily turning off SSL on Apple device
Tested adding Exchange account to an Apple device that has never touched our Exchange server
Thank you for the help!
iOSExchange
Last Comment
Eric Velting
Which CA are you using. If it is GoDaddy, you need to install the intermediates in your exchange server. If it is Symantec, it may not be trusted anymore. Apple is picky
ASKER
Thank you for the replies.
Shreedhar, in regards to your reply. It does not look like the newest versions of iOS have the "Enable full trust for root certificates" so we were unable to turn on trust for those certificates.
We have found that people on newer versions of iOS are the only ones having problems. It looks like newer versions of iOS play with certificates differently. We have also found that certain Chrome browsers do not like the new certificate either, which leads us to believe the problem is related to Certificate Transparency. We are going to take a look at our CA and possibly reissue and new certificate this weekend.
Shreedhar, in regards to your reply. It does not look like the newest versions of iOS have the "Enable full trust for root certificates" so we were unable to turn on trust for those certificates.
We have found that people on newer versions of iOS are the only ones having problems. It looks like newer versions of iOS play with certificates differently. We have also found that certain Chrome browsers do not like the new certificate either, which leads us to believe the problem is related to Certificate Transparency. We are going to take a look at our CA and possibly reissue and new certificate this weekend.
Make sure it is a SHA-2 (or 256) certificate.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
If you want to turn on SSL trust for that certificate, go to Settings > General > About > Certificate Trust Settings. Under "Enable full trust for root certificates," turn on trust for the certificate.
further refer article:
https://support.apple.com/en-in/HT204477