RE: SSL certicate issues - smartphones

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi Robert,

Thanks for your update. I appreciate your time.

To change the certificate name to match your desired public A record name,
you should contact your CA provider (where you receive public SSL
certificate) and they can create/change a certificate name according to
your A record. After you received the certificate, you can import it to
your IIS server.

For more information about these SSL certificates, visit the following
Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkId=61499

Please don't hesitate to let me know if you have further question on the
issue.

Have a nice day!

Sincerely,

Jenny Wu (MSFT)

Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security

======================================================
PLEASE NOTE: The partner managed newsgroups are provided to assist with
break/fix
issues and simple how to questions.

We also love to hear your product feedback!

Let us know what you think by posting
from the web interface: Partner Feedback
from your newsreader: microsoft.private.directaccess.partnerfeedback.

We look forward to hearing from you!
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
Thread-Topic: SSL certicate issues - smartphones
thread-index: AccH08pTc/XlZ9ZgSOWV23ViavpMGw==
X-WBNR-Posting-Host: 70.17.255.99
From: =?Utf-8?B?Um9iZXJ0IChBQVQp?= <wavemaster@xxxxxxxxxxxxxx>
References: <EB6D4D4E-EE30-4C50-9F36-387D0FC373BD@xxxxxxxxxxxxx>
<lL78OD8BHHA.5200@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: SSL certicate issues - smartphones
Date: Tue, 14 Nov 2006 02:01:01 -0800
Lines: 159
Message-ID: <F55114AB-40E5-4CE0-AB37-6F801B75699C@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.exchange.connectivity
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.exchange.connectivity:109087
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.exchange.connectivity

Jenny, thanks for answering the first part of my question. Apparently I
need
to do this on the default website.

My second question was not about the procedure how to do it. It was about
what to do with the existing certificate so that it changes to the desired
public A record name, without messing up my current working setup.

Robert

""Jenny wu [MSFT]"" wrote:

Hi Robert,

Thanks for using the newsgroup.

From the description, I understand the issue is that you have problem to
setup activesync with Exchange server from the Nokia E62 Smartphone over
https. If I am off base, please don't hesitate to let me know.

Firstly, please let me know the exact OS installed in the smartphone. Is
it
Windows mobile OS? If yes, I suggest that you strictly following the
following white paper to configure server activesync:

Step-by-Step Guide to Deploying Windows Mobile-based Devices with
Microsoft
Exchange Server 2003 SP2

http://www.microsoft.com/technet/itsolutions/mobile/deploy/msfpdepguide.mspx

What is the website host that I need to secure? Options I have:
Default, ConnectComputer, Exadmin, Exchange, Exchange OMA, ExchWeb, MS
Server ActiveSync, Monitoring, OMA?

To enable SSL for the exchange activesync, you just need enable SSL on
the
Microsoft-Server-ActiveSync virtual directory. And also you should
configure the Microsoft-Server-ActiveSync virtual directory as follows:

1. Open IIS Manager
2. Open properties of Microsoft-Server-ActiveSync virtual directory,
select
Directory Security tab.
3. Select Edit in Authentication and access control box. Make sure the
authentication setting as below:

Authentication Methods
Check Basic authentication
Uncheck Enable anonymous access
Uncheck Integrated Windows authentication

4. Select Edit in Secure Communication box, please check the box
"Require
secure channel (SSL)" (if you would like to enable SSL)

Currently I have a self signed certificate (publishing.name.local)
however the certificate issue wants it to point to a public domain (ours
is
remote.name.com, on which we have a A record). Can I simply delete the
old
one and start a new certificate name based on our A record, without
messing
up what I currently have?

To install the certificate on the exchange server side, you should do as
follows:

1. Click "Start", point to "Administrative Tools", and then click
"Internet
Information Services (IIS) Manager".

2. Navigate to Default web site, and right click "Properties" to open
its
properties page.

3. Click "Directory Security", and then click "Server Certificate".

4. On the "Welcome to the Web Certificate Wizard" page, click "Next".

5. On the "Modify the current certificate assignment" page, you will
view
the comment like "A certificate is currently installed on this web
site".
You can choose option "Renew the current certificate" or the option
"Remove
the current certificate" according to your needs. if you would like to
use
the new certificate, you can choose the option "Remove the current
certificate" to remove old one and then reinstall a new one.

After the certificate installed on the server side, you can refer to the
following article to install the certificate on the Windows Mobile-based
device:

915840 How to install root certificates on a Windows Mobile-based device
http://support.microsoft.com/default.aspx?scid=kb;EN-US;915840

If it is not Windows mobile based OS, you may need contact the device
vendor to consult how to install certificate on the Smartphone.

Please let me know if you have further question on the issue. I am happy
to
be of assistance to you and look forward to your reply.

More information:
Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or
forms-based authentication is required for Exchange Server 2003
http://support.microsoft.com/?id=817379

Sincerely,
Jenny Wu, MCSE 2000/2003, MCSA 2000/2003, MCDBA, MCSD
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

--------------------
Thread-Topic: SSL certicate issues - smartphones
thread-index: AccHMZoW56epjjc9RaOAjh2CMW3lXQ==
X-WBNR-Posting-Host: 70.17.255.99
From: =?Utf-8?B?Um9iZXJ0IChBQVQp?= <wavemaster@xxxxxxxxxxxxxx>
Subject: SSL certicate issues - smartphones
Date: Mon, 13 Nov 2006 06:40:02 -0800
Lines: 23
Message-ID: <EB6D4D4E-EE30-4C50-9F36-387D0FC373BD@xxxxxxxxxxxxx>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Newsgroups: microsoft.public.exchange.connectivity
Path: TK2MSFTNGXA01.phx.gbl
Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.exchange.connectivity:109081
NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
X-Tomcat-NG: microsoft.public.exchange.connectivity

My 'state of the art' Nokia E62 Smartphones won't allow self signed SSL
certificates to be used. So now I am in the process of getting a public
SSL
certificate. The instructions request that I generate a Certificate
Signing
Request (CSR) from my server.

Couple of questions:


What is the website host that I need to secure? Options I have:
Default,
ConnectComputer, Exadmin, Exchange, Exchange OMA, ExchWeb, MS Server
ActiveSync, Monitoring, OMA?

Currently I have a self signed certificate (publishing.name.local)
however
the certificate issue wants it to point to a public domain (ours is
remote.name.com, on which we have a A record). Can I simply delete the
old
one and start a new certificate name based on our A record, without
messing
up what I currently have?

Thanks in advance.

Robert







.

Relevant Pages

  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: IPSEC wireless router ?
    ... My guessis that SSL ... amounts for a server certificate. ... the market and priced their PKI services accordingly, ... certificate as valid" without the slightest authentication, ...
    (alt.internet.wireless)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: Proposal for a new PKI model (At least I hope its new)
    ... > Then the world would have no problem trusting your domain level PKI ... coined the term "certificate manufacturing" to distinquish from actual ... it turns out that one of the reasons for the SSL server domain name ...
    (sci.crypt)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Whether or not authentication will succeed is completely dictated by ... how SSL certificate auth handshake happens. ... FE servers must be Windows Server 2003. ... Server's SSL certificate must be configured on root of v-server via the ...
    (microsoft.public.exchange.connectivity)