Jason Slater Technology Blog | Tuesday 7th September 2010

A solution for SSL Certificates and ActiveSync problems

By Jason Slater

Further to my previous posts "Mobile ActiveSync and Microsoft Exchange 2007" and "SSL Certificates for Exchange Server 2007 continued…", I am happy to report that I’m finally making progress on the ongoing SSL certificate/ActiveSync debacle. I dug out my Blackberry 8820 to test the certificate problem and, of all things, the Blackberry gave the clearest indicator of what the problem was, leading me to the discovery that some mobile devices only seem to read the first name entry in certificates that support multiple names.

A little digging and a few penny drops later and I managed to get ActiveSync working properly on the Sony Ericsson p1i. I had put the server address into the p1i as mail.domainname.com (I also tried www.domainname.com) but the certificate we applied for listed domainname.com as the first entry followed by www.domainname.com, mail.domainname.com, autodiscover.domainname.com, host. Of course the p1i seemed to be checking only the first entry and considered that www.domainname.com (the entry I had put in for the server) and domainname.com (the first entry on the certificate) were completely different entities thus throwing up a certificate violation warning.

It seems that although the certificate and Exchange 2007 support Subject Alternative Name (SAN) entries, in actual fact certain mobile devices don’t, and as such the order of the addresses in the certificate, particularly the first one, is vital. The p1i is now syncing quite happily using ActiveSync and push. Mind you, I still haven’t got the iPAQ working using ActiveSync but I’m getting closer!
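The mismatch described above, as an added example that is not code from the original post: a Python sketch that compares a SAN-aware hostname check with a client that looks only at the first name in the certificate. The function names and the first-entry-only model of the device are assumptions; the name list and its order are the ones given in the post.

```python
"""Added illustration: SAN-aware vs first-entry-only hostname checks."""

# Name order from the post's certificate (placeholder names as written there).
CERT_NAMES = [
    "domainname.com",
    "www.domainname.com",
    "mail.domainname.com",
    "autodiscover.domainname.com",
    "host",
]


def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:  # refuse over-broad wildcards such as *.com
        return p[1:] == h[1:] and h[0] != ""
    return p == h


def san_aware_check(names, host):
    """A SAN-capable client accepts the host if any listed name matches."""
    return any(name_matches(n, host) for n in names)


def first_entry_check(names, host):
    """Assumed model of the device behaviour described in the post."""
    return bool(names) and name_matches(names[0], host)


def audit(names, configured_hosts):
    """Return {host: (san_aware_ok, first_entry_ok)} for each configured host."""
    return {h: (san_aware_check(names, h), first_entry_check(names, h))
            for h in configured_hosts}


def hosts_that_warn(names, configured_hosts):
    """Hosts valid under SAN rules that a first-entry-only client would flag."""
    return [h for h, (san_ok, first_ok) in audit(names, configured_hosts).items()
            if san_ok and not first_ok]


if __name__ == "__main__":
    for host, (san_ok, first_ok) in audit(CERT_NAMES, CERT_NAMES).items():
        print(f"{host:30} san_aware={san_ok!s:5} first_entry_only={first_ok}")
```

With the post's ordering, only `domainname.com` passes the first-entry check, so any address a legacy handset must use has to be requested as the first name when the certificate is issued.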

9 comments so far

  • Gopal Vanamamalai says:

    Hi, I’m running into the same problem on my P1i. Every time the ActiveSync runs it prompts me to manually accept the certificate. I’m glad to see you found a solution.

    How could I fix that problem? If my server address is “webmail.hds.com” and my domain is “hds”, what should I be doing?

    Thanks
    -Gopal

  • jasonslater says:

    Gopal, did you put webmail.hds.com as the first host entry in the certificate chain? It would be interesting to know if you did.

  • manoj says:

    We also have a similar problem at one of our clients. We are using a SAN certificate with
    webmail.domain.com
    autodiscover.domain.com
    cas01 (cas01 server netbios name)
    case01.internaldomainname.com
    case02
    case02.internaldomainname.com

    What name should I put during ActiveSync configuration?
    Thanks.

  • Alex says:

    I’m having the same issues! And it seems about right what you’re suggesting, because the certificate check also appears in the Opera browser when connecting to the OWA.

    The only thing that is holding me back at the moment is how do you change the order of URLs in the certificate. I have never done anything like that and would love to see all the SE users syncing happily ever after…

  • jasonslater says:

    Alex,
    The only way I could find to change the order of the URLs was to re-apply for our certificate via the certificate provider.

    Manoj,
    Personally I would put the first entry in the url list (webmail.domain.com in your example).

    Jas.

  • Gopal says:

    Jason, I still have the problem. I have the server name correct and the domain name correct and still I get the SSL certificate manual acceptance request.

    Thanks

  • jasonslater says:

    Gopal,
    What device are you running and is the problem on an internal network?

    One thing I did find on the SE p1i was that the server address on the device needed to be put in without the hostname so hostname.domain.com simply became domain.com
