Announcement

Collapse
No announcement yet.

SBS2011 iPhone Certificate Issues

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS2011 iPhone Certificate Issues

    Probably a pretty unique situation, and less than ideal - please don't jump on me for bad practices, I was thrown in the deep end of this one.

    My client is a construction company. They require high speed internet, but want Exchange.
    Here in rural Canada we don't have the luxury of both. To get a static IP, the highest DSL speed is 5mbps. So they have fiber, which is 20mbps, but cannot be had with a static IP.

    So, they have SBS2011 with POP connectors for incoming emails, and the SMTP service offered by Dyndns for outgoing.

    On my rooted Android phone, as long as I select to "accept all SSL certificates" I can connect. Without that option selected, I can't.
    On their iPhones, it just fails to connect.

    Does this point to a certificate issue? Can an iPhone accept a self-signed certificate, or should I persuade them they need to buy a certificate from a CA to get this feature working properly?

    I have the ActiveSync set to ignore client certificates, if that helps.

    Also, does it use IMAP? If so, it is currently set to secure logon.


    I will put a disclaimer - the whole certificate thing has always been my weak spot, and by no means am I an Exchange guru, this is just an area I've had to pickup in a hurry!

    Thanks for any help!
    Last edited by ConradJ; 13th January 2012, 14:31.

  • #2
    Re: SBS2011 iPhone Certificate Issues

    An iPhone should accept a self-signed cert after it gives you a warning... but get a cert. They're cheap and make things easier. And with SBS 2011 you can use the wizard and it makes sure everything is configured correctly.

    If the iPhone isn't connecting then you should try running the Internet Address wizard again. (if you ever need to make a config change in SBS use the wizards, never manually configure things that a wizard configures)
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: SBS2011 iPhone Certificate Issues

      You can use a dynamic IP combined with one of the registration services such as DynDNS
      http://www.google.co.uk/search?q=exc...FJCZhQfT3c2nDQ

      IMHO this is preferable to using the POP connector

      Also IMHO a 3rd party certificate pointing to remote.domain.com is much preferable (and saves you a lot of hassle) vs self signed
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: SBS2011 iPhone Certificate Issues

        Thanks Jeremy, I re-ran the Internet Address wizard again, this time with the dyndns account.

        Ossian - their domain registrar refuse to point the MX records at a dyndns account. They will only point it to an IP. The registrar is also their ISP, and their website host, so the client don't want me to gain control of the domain.

        Their loss. It is working, not ideal, but it works.

        I am going to go ahead and get them a proper certificate though, I managed to bend their ear into spending the little extra each year.

        Thanks guys!

        Comment


        • #5
          Re: SBS2011 iPhone Certificate Issues

          5Mbps should be way fast enough to run the Exchange on SMTP - I remember doing it on 64Kbps Frame Relay and even 28.8Kbps dial-up modem!
          Just remember to limit the message size to say 2-3MB (10MB is default) so as not to clog up the line completely.
          TIA

          Steven Teiger [SBS-MVP(2003-2009)]
          http://www.wintra.co.il/
          sigpic
          Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

          We donít stop playing because we grow old, we grow old because we stop playing.

          Comment


          • #6
            Re: SBS2011 iPhone Certificate Issues

            Concur -- much of the UK is on slower ADSL!
            Tom Jones
            MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
            PhD, MSc, FIAP, MIITT
            IT Trainer / Consultant
            Ossian Ltd
            Scotland

            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment

            Working...
            X