Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Stuck with ssl cert problem
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Stuck with ssl cert problem - 24.Nov.2005 2:33:33 PM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
Hello,
I have had an exchange server 2003 and ISA 2004 (started out with 2000) server running for about 2 years now. My question is about the exchange owa webserver. I have it setup through isa2004 with https and created my own certificate which for the most parts have been working just fine except for the annoying warning pop up when you log on to the website.
Now i got a new cool cell phone with windows mobile 5.0 and i want to be able to sync with exchange via activesync. The first problem i ran into was that mobile 5.0 only accept certificates that it has on its already predefined list and you cannot add more. I did find a way to add my own certificate by tweaking the registry in the phone, but when i tried to sync with exchange over GPRS it still errored out with invalid certificat. I then decide to spend the mony on a verisign certificate because it is already accepted by windows mobile. I installed it on my exchange server and changed the cert in the listener on the isa server and now the annoying pop up gone when checking owa mail through internet explore. Great i thought :) but to my big dissapointment my mobile 5.0 phone still gave me the invalid certificate error. I then installed firefox and that too give me a warning about the certificate having an unknown authority.
Im really stuck here. any help would be much appreciated.
Jacob
|
|
|
|
|
RE: Stuck with ssl cert problem - 25.Nov.2005 12:32:28 AM
|
|
|
tshinder
Posts: 47659
Joined: 10.Jan.2001
From: Texas
Status: offline
|
Hi Jacob,
Make sure the CA certiicate that issued certificate used on the ISA firewall's Web listener is included in the CA cert list on the phone.
What are the details of the Web Publishing Rule that you're using to publish the OMA/ActiveSync site? Remember, you can't use the ISA FBA on the listener that will be accepting the incoming connections from the PDA/Phone.
HTH,
Tom
_____________________________
Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/
GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8
|
|
|
|
|
RE: Stuck with ssl cert problem - 25.Nov.2005 8:41:18 AM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
Hi Thomas,
Thanks for you reply.
Just to make sure. FBA = form based authentication?
That is exactly what i use to publish my exchange OWA. Thats what makes that nice looking login webpage instead og just a username/password promt. Is that correct?
So how do i get the phone to work then. Is it possible to create another rule along side the rule that does not use FBA. How are the browsers then going to know which rule to use. I like the login webpage.
I really appreciate your help.
Jacob
|
|
|
|
|
RE: Stuck with ssl cert problem - 25.Nov.2005 11:15:56 AM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
Hello again,
So i found you article here:
http://www.isaserver.org/tutorials/2004pubowamobile.html
and i followed your instructions step by step, but after finishing i get this error:
Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)
I know it has to do with the certs not matching but im pretty sure i set it up correctly.
Jacob
|
|
|
|
|
RE: Stuck with ssl cert problem - 1.Dec.2005 12:16:22 PM
|
|
|
KOCTALEM
Posts: 4
Joined: 16.Nov.2005
Status: offline
|
Mylle,
Try to use Microsoft "Disable Certification Verification tool " It enables users with Windows mobile devices to connect to Exchange servers without verifying the root certificate authority against the certificate trust list on the device. The device still uses SSL to connect to Exchange; however, the Exchange certificate check allows only certificates from untrusted certificate authorities to be used without generating errors.
In our environment it was only way to make ActiveSync work with IPAQ 6340 communicators.
|
|
|
|
|
RE: Stuck with ssl cert problem - 1.Dec.2005 12:34:12 PM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
I would but unfortunately there is no such tool for WM 5.0. only the 2003 version had that tool.
Jacob
|
|
|
|
|
RE: Stuck with ssl cert problem - 2.Dec.2005 9:03:34 AM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
Thomas:
Would you be able to help me out any further?
Just to see if the cert on my phone works. Should i not be able to switch from FBA to Basic just for a moment to se if i the sync works?
Jacob
|
|
|
|
|
RE: Stuck with ssl cert problem - 5.Dec.2005 10:58:43 AM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
anybody?
|
|
|
|
|
RE: Stuck with ssl cert problem - 15.Dec.2005 11:12:37 AM
|
|
|
Mylle
Posts: 38
Joined: 28.Apr.2004
From: Denmark
Status: offline
|
Im sad to see thateveryone has given up on me.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
