We help IT Professionals succeed at work.

iphone 8 syncing with Exchange 2016

Medium Priority
19 Views
Last Modified: 2020-03-04
Do the latest iphones i.e. iphone 8 still sync up with an exchange server 2016 using a self signed certificate

I am having trouble every time I try to create an account, I keep receiving the message "cannot verify server identity" and it seems that the continue tab is missing and I cannot go any further than this

I have googled this and it seems that Apple have tightened up on their certificate security

I am sure if the customer had a globally trusted certificate there wouldn't be a problem

Was just wondering if anybody could give me a definitive answer on this

Thank you
Comment
Watch Question

Jackie Man IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You need a SAN / UCC certificate using mail.yourdomain.com and autodiscover.yourdomain.com.

https://www.experts-exchange.com/questions/29002119/Self-Signed-SSL-Certs-Exchange-2016-and-iOS-10-and-above-devices.html
Ibrahim BennaTechnology Lead
CERTIFIED EXPERT

Commented:
Is the self-signed certificate created from an internal CA? Does it have the correct names or is it an internal wildcard certificate?

Exchange 2016 requires the use of a 3rd party certificate because they are already trusted by most devices.
Jackie Man IT Manager
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Was just wondering if anybody could give me a definitive answer on this

You cannot use the self-signed cert of Exchange 2016 to connect to the Exchange server from your iPhone 8 which is very llkely running iOS 13.

As of 27 Jan 2020, iOS 13 is now installed on 77 percent of iPhones that were released in the last four years, according to updated adoption numbers that Apple shared today on its App Store support site for developers.

Source; https://www.macrumors.com/2020/01/28/ios-13-installed-on-77-percent-of-iphones/

Why?

1. SHA-1 signed certificates are no longer trusted for TLS for iOS 13.

Requirements for trusted certificates in iOS 13 and macOS 10.15
https://support.apple.com/en-us/HT210176

2. The default self-signed certificates of Exchange 2016 is a SHA-1 signed certificate.

Digital certificates and encryption in Exchange Server
https://docs.microsoft.com/en-us/exchange/architecture/client-access/certificates?view=exchserver-2016