Re: Microsoft Direct Push / Active Sync - can't get it working



Hi Jason,

Great to hear that you got it all working on port 80! Sorry I'm not too familiar with the way SSL certificates are created and installed, so I can't be much help from here on out.

Sounds to me though that it is a problem that you are connecting to your public IP address and the certificate common name is your local hostname. I might try to use a free dynamic DNS service like dyndns.org to create a public hostname "[yourname].dyndns.org" then create a new self-signed certificate using that address. I don't know if that is actually possible, but it might be worth a shot.

--
Jeffrey Min
Software Development Engineer
Microsoft Corp.

This posting is provided "AS IS" with no warranties, and confers no rights.

"Jasonb" <jasonb@xxxxxxxxxx> wrote in message news:1175094879.695830.307600@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On to SSL...

I decided to see if I could get an SSL cert in place, to make it all
more secure...

Following the procedure above, I went to IIS to create a cert for my
default website. I was surprised to see that one already existed! When
I checked the details of it, it was issued by *mymailservername* to
*mymailservername*, and it was issued on the day and time I upgraded
Exchange 2003 to SP2. So I'm guessing this cert came with the upgrade
or something like that?

Anyhow, I then exported this cert, and imported it onto my PC, and
added it to the root certs on my PC. Then I enabled SSL for the
Default Web site, and went to https://mymailservername/exchange and
OWA came up fine.

Next I went to https://myfirewallpublicipaddress/exchange ( after
adding a rule to allow port 443 traffic from my firewall to
mymailserver's IP address ) so I could test external access. I got an
error saying 'the name of the security cert is invalid or does not
match the name of the site'. I'm guessing this is cos the cert is
named *mymailserver* and the website I'm accessing is
*myfirewallpublicipaddress*. I got the option to proceed anyhow, and
when I click on yes I get into OWA. Remember, I'm only using OWA to
show that I can get external access to mymailserver.

However, when I tried to run Active Sync on the mobile device, after
turning on SSL, I get a similar message...

'You have an incorrect SSL certificate common name in the host field'

I'm guessing this is the same as with the PC, though in this case I
don't have an option to proceed anyhow...

So, what do I need to do to get SSL working for the ppc? Can I get the
existing cert changed somehow ( considering I never created it
anyhow )? Can I get the windows mobile device to ignore that the
common name is different? Do I need to get another cert, and if so, I
presume the common name will have to be myfirewallpublicipaddress, not
mymailserver, so that it'll work remotely?

Final question, if I do need to get another cert, I understand how to
create a request file using IIS, but who do I send this file to? I
presume I have to go to some company, request a cert off them, pay for
it etc? Do you have any links to these companies?

Sorry for the long post, just trying to explain everything. Thanks in
advance...

J.

On Mar 28, 2:18 pm, "Jasonb" <jas...@xxxxxxxxxx> wrote:
Hi again...

Just want to report that I got it working!

I decided to see if I could get Outlook Web Access working, 'cos it
seemed that if that worked, then Direct Push should work too.

OWA worked for me immediately on my desktop
(http://myservername/exchange). But it wouldn't work on a remote PC.
So I added a Public Server rule on my SonicWall to forward all Port 80
traffic to my exchange / iis server, and then OWA worked fine from the
remote site.

Then all I had to do was update the address for ActiveSync on my ppc
to point to the public IP address of my sonicwall, and now my device
is syncing over the air without any problems.

I'll now look at getting SSL working so that I can have more security.
Once I've got the certs working etc., I'll get rid of the Port 80 rule
on my Firewall and get one set up for port 443 instead. Thanks for
your help...

J.
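The errors in the thread ('the name of the security cert is invalid or does not match the name of the site' in the browser, 'incorrect SSL certificate common name in the host field' on the device) both come from the client's hostname check: the name it was asked to connect to (the firewall's public IP address) is compared against the identity in the certificate (CN=mymailservername), and nothing matches. The script below is an added example, not code from the thread or from Microsoft, that implements that check the way modern TLS clients do it and runs it against three constructed certificates shaped like the dict `ssl.SSLSocket.getpeercert()` returns: the self-signed cert Jason found, a cert for the dyndns.org name Jeffrey suggests, and one with an IP-address SAN. The host names, the `yourname.dyndns.org` label and the `203.0.113.10` address are placeholders standing in for the poster's real values.

```python
import ipaddress

# Constructed certificates in the dict shape ssl.SSLSocket.getpeercert() uses.
# 1. The cert Jason found in IIS: issued by mymailservername to mymailservername,
#    no subjectAltName at all (typical of older self-signed server certs).
SELF_SIGNED_SERVER_CERT = {
    "subject": ((("commonName", "mymailservername"),),),
    "issuer": ((("commonName", "mymailservername"),),),
}
# 2. What Jeffrey proposes: a cert for a public dynamic-DNS name (placeholder name).
DYNDNS_CERT = {
    "subject": ((("commonName", "yourname.dyndns.org"),),),
    "subjectAltName": (("DNS", "yourname.dyndns.org"),),
}
# 3. A cert that names the public IP itself, via an iPAddress SAN (placeholder address).
IP_SAN_CERT = {
    "subject": ((("commonName", "203.0.113.10"),),),
    "subjectAltName": (("IP Address", "203.0.113.10"),),
}


def _is_ip_literal(host: str) -> bool:
    """True when the client was given an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def _dns_id_matches(pattern: str, hostname: str) -> bool:
    """Compare one DNS identity from the cert with the requested hostname.
    A single leading '*.' wildcard matches exactly one label, so *.dyndns.org
    matches a.dyndns.org but neither dyndns.org nor a.b.dyndns.org."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if pattern.startswith("*."):
        labels = hostname.split(".")
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return False


def cert_matches_host(cert: dict, host: str) -> tuple:
    """Return (ok, reason) for the hostname check a TLS client performs.

    Rules applied (RFC 2818 / RFC 6125 as browsers implement them):
    - an IP-literal host matches only an 'IP Address' SAN, never the CN;
    - a DNS host is matched against 'DNS' SANs when any exist;
    - the subject CN is consulted only when the cert has no DNS SANs.
    """
    san = cert.get("subjectAltName", ())
    dns_ids = [value for kind, value in san if kind == "DNS"]
    ip_ids = [value for kind, value in san if kind == "IP Address"]

    if _is_ip_literal(host):
        wanted = ipaddress.ip_address(host)
        if any(ipaddress.ip_address(v) == wanted for v in ip_ids):
            return True, "host IP matches an iPAddress SAN"
        return False, "host is an IP address but the cert has no matching iPAddress SAN"

    if dns_ids:
        if any(_dns_id_matches(d, host) for d in dns_ids):
            return True, "hostname matches a dNSName SAN"
        return False, "hostname matches none of the dNSName SANs"

    # Legacy fallback: no SAN present, so compare against the subject CN.
    cns = [value for rdn in cert.get("subject", ()) for kind, value in rdn
           if kind == "commonName"]
    if any(_dns_id_matches(cn, host) for cn in cns):
        return True, "hostname matches the subject CN (no SAN present)"
    return False, "hostname does not match subject CN %r" % (cns,)


if __name__ == "__main__":
    cases = [
        ("OWA on the LAN", SELF_SIGNED_SERVER_CERT, "mymailservername"),
        ("ActiveSync via public IP", SELF_SIGNED_SERVER_CERT, "203.0.113.10"),
        ("ActiveSync via dyndns name", DYNDNS_CERT, "yourname.dyndns.org"),
        ("dyndns cert, but device still set to the IP", DYNDNS_CERT, "203.0.113.10"),
        ("cert with iPAddress SAN, device set to the IP", IP_SAN_CERT, "203.0.113.10"),
    ]
    for label, cert, host in cases:
        ok, why = cert_matches_host(cert, host)
        print("%-48s %-5s %s" % (label, "OK" if ok else "FAIL", why))
```

The second case is exactly the failure in the thread, and the third is Jeffrey's fix: the client must be pointed at the same name the certificate carries, so a public DNS name plus a certificate issued for that name is the clean solution. The last two cases are the caveat worth knowing before reissuing a cert with the IP address in the CN: a client that is handed an IP address looks for an iPAddress SAN, so a CN of the raw address does not help and the device must keep using the DNS name regardless.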




