RE: SSL certicate issues - smartphones

Jenny, thanks for answering the first part of my question. Apparently I need
to do this on the default website.

My second question was not about the procedure how to do it. It was about
what to do with the existing certificate so that it changes to the desired
public A record name, without messing up my current working setup.

Robert

""Jenny wu [MSFT]"" wrote:

Hi Robert,

Thanks for using the newsgroup.

From the description, I understand the issue is that you have problem to
setup activesync with Exchange server from the Nokia E62 Smartphone over
https. If I am off base, please don't hesitate to let me know.

Firstly, please let me know the exact OS installed in the smartphone. Is it
Windows mobile OS? If yes, I suggest that you strictly following the
following white paper to configure server activesync:

Step-by-Step Guide to Deploying Windows Mobile-based Devices with Microsoft
Exchange Server 2003 SP2
http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx

What is the website host that I need to secure? Options I have:
Default, ConnectComputer, Exadmin, Exchange, Exchange OMA, ExchWeb, MS
Server ActiveSync, Monitoring, OMA?

To enable SSL for the exchange activesync, you just need enable SSL on the
Microsoft-Server-ActiveSync virtual directory. And also you should
configure the Microsoft-Server-ActiveSync virtual directory as follows:

1. Open IIS Manager
2. Open properties of Microsoft-Server-ActiveSync virtual directory, select
Directory Security tab.
3. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods
Check Basic authentication
Uncheck Enable anonymous access
Uncheck Integrated Windows authentication

4. Select Edit in Secure Communication box, please check the box "Require
secure channel (SSL)" (if you would like to enable SSL)

Currently I have a self signed certificate (publishing.name.local)
however the certificate issue wants it to point to a public domain (ours is
remote.name.com, on which we have a A record). Can I simply delete the old
one and start a new certificate name based on our A record, without messing
up what I currently have?

To install the certificate on the exchange server side, you should do as
follows:

1. Click "Start", point to "Administrative Tools", and then click "Internet
Information Services (IIS) Manager".

2. Navigate to Default web site, and right click "Properties" to open its
properties page.

3. Click "Directory Security", and then click "Server Certificate".

4. On the "Welcome to the Web Certificate Wizard" page, click "Next".

5. On the "Modify the current certificate assignment" page, you will view
the comment like "A certificate is currently installed on this web site".
You can choose option "Renew the current certificate" or the option "Remove
the current certificate" according to your needs. if you would like to use
the new certificate, you can choose the option "Remove the current
certificate" to remove old one and then reinstall a new one.

After the certificate installed on the server side, you can refer to the
following article to install the certificate on the Windows Mobile-based
device:

915840 How to install root certificates on a Windows Mobile-based device
http://support.microsoft.com/default.aspx?scid=kb;EN-US;915840

If it is not Windows mobile based OS, you may need contact the device
vendor to consult how to install certificate on the Smartphone.

Please let me know if you have further question on the issue. I am happy to
be of assistance to you and look forward to your reply.

More information:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or
forms-based authentication is required for Exchange Server 2003
http://support.microsoft.com/?id=817379

Sincerely,
Jenny Wu, MCSE 2000/2003, MCSA 2000/2003, MCDBA, MCSD
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------
Thread-Topic: SSL certicate issues - smartphones
thread-index: AccHMZoW56epjjc9RaOAjh2CMW3lXQ==
X-WBNR-Posting-Host: 70.17.255.99
From: =?Utf-8?B?Um9iZXJ0IChBQVQp?= <wavemaster@xxxxxxxxxxxxxx>
Subject: SSL certicate issues - smartphones
Date: Mon, 13 Nov 2006 06:40:02 -0800
Lines: 23
Message-ID: <EB6D4D4E-EE30-4C50-9F36-387D0FC373BD@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.exchange.connectivity
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.connectivity:109081
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.exchange.connectivity

My 'state of the art' Nokia E62 Smartphones won't allow self signed SSL
certificates to be used. So now I am in the process of getting a public
SSL
certificate. The instructions request that I generate a Certificate
Signing
Request (CSR) from my server.

Couple of questions:


What is the website host that I need to secure? Options I have: Default,
ConnectComputer, Exadmin, Exchange, Exchange OMA, ExchWeb, MS Server
ActiveSync, Monitoring, OMA?

Currently I have a self signed certificate (publishing.name.local) however
the certificate issue wants it to point to a public domain (ours is
remote.name.com, on which we have a A record). Can I simply delete the old
one and start a new certificate name based on our A record, without
messing
up what I currently have?

Thanks in advance.

Robert





.

Relevant Pages

  • Re: Trouble syncing Windows Mobile 6 and SBS Exchange
    ... The certificate installed without a problem ... Also - under Exchange Server Settings, under the server name field it says ... SPcertadd.exe to install the "untrusted" cert. ... I just bought a HTC S710 vox (Windows Mobile 6 Smartphone) and plan to set ...
    (microsoft.public.windows.server.sbs)
  • Re: windows mobile 6
    ... Hi, I have a similar situation, except that my godaddy certificate never ... windows mobile security settings to allow the active-x component to download. ... Find your Godaddy Certificate ... tap the file and accept the prompt to install the cert. ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows Update repeats
    ... You cannot install some updates or programs ... to a Windows component, install a service pack for Windows or for a Windows ... The Microsoft digital signature affirms that software has been tested with ... Publishers certificate store. ...
    (microsoft.public.windowsupdate)
  • RE: updates after format
    ... if the Microsoft Server is down. ... software you are installing has not passed Windows Logo testing verify its ... When you try to download an ActiveX control, install an update to Windows ... and you do not have the appropriate certificate in your Trusted Publishers ...
    (microsoft.public.windows.mediacenter)
  • Re: Certificates/SSL Connections From Behind ISA
    ... but I can't seem to get the certificate from the ... for web chaining to work that way you don't install a server ... actually install a client certificate used for authentication to the ... Did you install Sun's JVM, ...
    (microsoft.public.isaserver)