Announcement

Collapse
No announcement yet.

Exchange 2003 > ppc > certificate server problems

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Exchange 2003 > ppc > certificate server problems

    Hey all,

    I have an exchange 2003 server installed on my PDC and configured it for RPC over HTTP to sync it with my ppc (pushmail).

    I have a domain named "domain.nl" where i have put the MX record to "home.domain.nl" which points to my server @ home (exchange).
    At home i named the domain "domain2.local".

    I have installed an certificate server and named it "home.domain.nl" so when i import a certificate i could reach the server from the outside world.

    The problem is ..., i installed the certificate on my ppc and the first time i tried
    i get a logon screen but he doesn't accept my credentials. when i logon i get another logon window.

    After that i tried again with another certificate and now i get the error :

    "0x80072F0D the certificate on the server is invalid"

    Can anybody help me further ?

  • #2
    Re: Exchange 2003 > ppc > certificate server problems

    Windows Mobile is really sensitive on certificates.

    How did you create the certificate? Using SelfSSL, Windows CA? Purchased certificate?

    You really need to get the root certificate in to the device, not the actual server certificate. Then it will be accepted.

    I don't bother with home grown certificates any more, I purchase all of mine. For the US$69 that RapidSSL want, it isn't worth the hassle. Get their certificate, then the root and you are sorted.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    Comment


    • #3
      Re: Exchange 2003 > ppc > certificate server problems

      You are right , buying an certificate which is trusted on the mobile device is a lot easier but a lot more expensive.

      I installed my own certificate server, but i'm unsure where to get the "ROOT" certificate, there are so many ways

      I have requested a certificate on my certificate server, i have logged on via OWA and then clicked on the SSL secure picture and exported it, none worked.

      So the question is, how do i get the "ROOT" certificate when I have installed my own certificate server ?

      Comment


      • #4
        Re: Exchange 2003 > ppc > certificate server problems

        How about US$20? Is that too expensive?

        The SSL Certificates from GoDaddy are supported by the Windows Mobile device natively. No root certificates to install, no error messages.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

        Comment


        • #5
          Re: Exchange 2003 > ppc > certificate server problems

          Well no, but it must work without a trusted certificate, and with a certificate my server created, so i want to get that working ...

          Comment


          • #6
            Re: Exchange 2003 > ppc > certificate server problems

            Then you'll need to make sure you create the certificate in a proper way (I don't know how you did yours), use the exact COMMON NAME as the FQDN of the server you're connecting to, and have your CA certificate imported to the PPC (or any other device/computer that needs to connect to the server).
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT

            Comment


            • #7
              Re: Exchange 2003 > ppc > certificate server problems

              To obtain the Root certificate run the mmc on the root server and add the CA plugin. go to the server under the CA and click prop. go to General tab and view the certificate. Go to details tab and select copy to file. follow instuctions and you will have exported the ROOT certificate to a file. this can then be installed.

              I agree with previous posts, mobile devices are tricky with certificates. And Daniels suggestion of the FQDN the same as common name is essential.

              Remember , the connection must be able to authenticate to the ROOT CA or it wont work, so if you are using self certs you must install the root certificate to enable the device to authenticate.

              As a suggestion, i would get a https OWA connection working first on a pc from external to confirm you have set up the certificate properly, ie a connection with no cert popups and when you view the cert after connection you can see the root back to the CA. you can then try mobile device connections

              Hope this helps

              Richard

              Comment


              • #8
                Re: Exchange 2003 > ppc > certificate server problems

                Or just search Daniel's resource rich site.
                1 1 was a racehorse.
                2 2 was 1 2.
                1 1 1 1 race 1 day,
                2 2 1 1 2

                Comment

                Working...
                X