Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Difficulties to change certificate
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Difficulties to change certificate - 20.May2008 11:41:03 AM
|
|
|
michauko
Posts: 27
Joined: 5.Mar.2008
Status: offline
|
Hello,
I had some warnings about my SSL certificate (generated at installation time), as my local hostname is something like "exchange.myAD.mycorp.net" and my public hostname is like "exchange.mycorp.com".
As the names differ, outlook warns at startup. Except that, everything is working (OWA, exchange sync in OL 2003 and 2007).
I wanted to fix this because I have a mobile phone running Win Mobile 5 that doesn't like the name problem and I cannot force it to accept the certificate.
So I had to fix that name problem and give my certificate several names, I guess, including autodiscover.mycorp.com.
I followed these documentations to generate a new certificate:
http://www.equisys.com/technotes/ztn2020.htm
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/a2f35fcd-d3b6-4f39-ba93-041a86f7e17f.mspx?mfr=true
... that I signed by myself with my root cert (not verisign-like stuff).
Now, the OWA is still working, but Outlook is not : I mean : no pop-up anymore, but when I sync, the "Microsoft Exchange" task finished with code 0x8004011D.
If I switch back the certificate, everything is working fine again.
Have I missed something when changing the certificate ?
Any help would be appreciated :)
Thank you,
JM.
|
|
|
|
|
RE: Difficulties to change certificate - 21.May2008 3:01:24 AM
|
|
|
michauko
Posts: 27
Joined: 5.Mar.2008
Status: offline
|
Ok, after a reboot, things are better :)
My phone still tells me the certificate "isn't valid", maybe because I signed it with my own root certificate, not a verisign-or-something...
I'll keep you informed, that might help some people, one day
|
|
|
|
|
RE: Difficulties to change certificate - 21.May2008 12:45:06 PM
|
|
|
John Weber
Posts: 486
Joined: 20.Apr.2005
From: Portland, Oregon
Status: offline
|
import your root cert from your CA onto your mobile device.
_____________________________
-jmw
http://tsoorad.blogspot.com
|
|
|
|
|
RE: Difficulties to change certificate - 28.May2008 4:20:30 AM
|
|
|
michauko
Posts: 27
Joined: 5.Mar.2008
Status: offline
|
Hello,
Thank you for your answer.
I understood my windows mobile 5 wants a PKCS12 certificate (so I converted my CRT certificate), and I had to use a 3rd-party tool to import it as there's no import functionnality on Win Mob 5 (only as of 6+)
I used it : http://www.jacco2.dds.nl/networking/p12imprt.html, and
I managed to import my root certificate.
The only problem I still have is that the phone recognize my root certificate as a personnal certificate. That must be why I still have a 0x8* error at sync time...
Any idea ?
I know this question is 50% exchange / 50% mobile phone... :/
|
|
|
|
|
RE: Difficulties to change certificate - 6.Jul.2008 2:01:42 AM
|
|
|
MIDOOooo
Posts: 99
Joined: 6.Jul.2007
Status: offline
|
my advice is to generate a new certificate and make a split-dns infrastructure to use only one name from external and internal.
that will solve all of ur problems.
_____________________________
MIDOOooo - Mohamed Talaat
Enterprise Support Engineer
Vodafone -Egypt.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
