My Exchange server and IIS have been operating in cleartext for longer than I know at my office. I've resolved to fix that and have been working to enable it in all aspects of client access. I have been able to enable SSL and self-sign a certificate, and OWA through Internet Explorer works fine. I was able to VPN out and test it. No problems.
However, I cannot get any OEM Droid or iPhone email app in the office to connect once I make that changeover. What am I missing?
If you are using a self-signed PKI cert, or one from an AD DS-based certificate authority, you are stuck.
In the case of the self-signed PKI (originating from the CAS itself) I know of no fix.
In the case of the AD DS-based CA, you can TRY to get the trusted root cert from that CA installed onto the EAS device (Droid, Windows Mobile, iPhone), but don't bet too much of your own money on that one.
Best bet is to go get a public certificate for your CAS: GoDaddy, Comodo, DigiCert. DigiCert has a nifty Exchange CSR generator.
Thanks for the quick response. So you're saying my self-signed certificate isn't legit enough for the Droid email app or iPhone email app to approve? I figured if a browser can connect, why not the app.
Would this be similar to why I can configure the POP3 virtual server for cleartext and Gmail can access it, but when I try enabling SSL for that, Gmail shuts it down?
The devices like the public certs because they have the trusted root cert already installed. E.g., the device is presented with a cert that says, "I am owa.domain.com, and I say so because I say so." The device has no way of verifying the trust. But if the cert ends with "my cert is issued by DigiCert," the device knows who DigiCert is and can trace the thumbprint of the cert. Trust works there.
As to the browser, you are either accepting the cert, or the cert came from an AD DS CertCA that is published in your AD, and the browser is on a domain member computer that got handed the cert as part of the domain package... trust works there.
Google? dunno. Probably, but no direct knowledge. If you have Exchange on prem, why use POP?
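The trust decision John describes above, as an added example that is not part of this thread: a POSIX shell script using the openssl command line to generate a self-signed CAS certificate, an internal "AD CS" root plus a CAS certificate issued from it, and a stand-in for the root store a phone ships with, then run the same chain check a device performs in each of the situations discussed (self-signed, internal CA without the root installed, internal CA after the root is installed, and a cert the user accepted by hand). The host name owa.example.com, the CA names and the file names are placeholders chosen for the example, and it assumes an OpenSSL 1.1.1 or newer CLI on the workstation.

```shell
#!/bin/sh
# Added example, not code from the thread. Reproduces the trust decision an
# ActiveSync client makes when a CAS presents its certificate, using the
# openssl CLI. Every certificate is generated on the spot; owa.example.com
# and the CA names are placeholders, and "device.pem" stands in for the root
# store a phone ships with.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so the roots get CA:TRUE regardless of the local openssl.cnf.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# new_selfsigned NAME SUBJECT : a cert whose issuer is itself.
new_selfsigned() {
    openssl req -config "$WORK/req.cnf" -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "$2" >/dev/null 2>&1
}

# issue_cert NAME SUBJECT CA : a leaf cert signed by the named CA.
issue_cert() {
    openssl req -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" -subj "$2" >/dev/null 2>&1
    openssl x509 -req -days 365 -in "$WORK/$1.csr" \
        -CA "$WORK/$3.crt" -CAkey "$WORK/$3.key" -CAcreateserial \
        -out "$WORK/$1.crt" >/dev/null 2>&1
}

# is_self_issued NAME : "yes" when subject and issuer are the same name,
# i.e. the "I say so because I say so" case.
is_self_issued() {
    s=$(openssl x509 -in "$WORK/$1.crt" -noout -subject | sed 's/^subject=//')
    i=$(openssl x509 -in "$WORK/$1.crt" -noout -issuer  | sed 's/^issuer=//')
    [ "$s" = "$i" ] && echo yes || echo no
}

# verify_against LEAF STORE : "trusted" if LEAF chains to a root in STORE.
# The workstation's own CA bundle may also be consulted, but it cannot
# contain the roots generated here, so only STORE can make this succeed.
verify_against() {
    if openssl verify -CAfile "$WORK/$2" "$WORK/$1" >/dev/null 2>&1
    then echo trusted; else echo untrusted; fi
}

# The certificates the thread discusses.
new_selfsigned cas_self  "/CN=owa.example.com"             # self-signed on the CAS
new_selfsigned adcs_root "/CN=Example AD CS Root"           # internal AD CS root
issue_cert     cas_adcs  "/CN=owa.example.com" adcs_root    # CAS cert from AD CS

# A root the phone ships with; it issued nothing here (public CA stand-in).
new_selfsigned public_root "/CN=Example Public Root"
cp "$WORK/public_root.crt" "$WORK/device.pem"

# The device store after the internal root has been installed on the phone.
cat "$WORK/device.pem" "$WORK/adcs_root.crt" > "$WORK/device_plus_adcs.pem"

echo "self-signed cert is self-issued:          $(is_self_issued cas_self)"
echo "AD CS-issued cert is self-issued:         $(is_self_issued cas_adcs)"
echo "self-signed vs stock device store:        $(verify_against cas_self.crt device.pem)"
echo "AD CS-issued vs stock device store:       $(verify_against cas_adcs.crt device.pem)"
echo "AD CS-issued after installing the root:   $(verify_against cas_adcs.crt device_plus_adcs.pem)"
echo "self-signed after accepting it by hand:   $(verify_against cas_self.crt cas_self.crt)"
```

The last line is the browser case: once you click through and pin the self-signed cert, it is its own trust anchor and verifies. A stock phone store has no such entry, which is why the first two `verify_against` calls fail and the third succeeds only after the internal root has been pushed to the device.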
Well, the devices are all external, and I'm talking about using OWA while at home to check email. Not necessarily to have a domain member computer in the AD connect, but my computer in my living room at home. So in my very limited experience with this, I saw the phones and home computer coming at our Exchange server at the same URL, which when enabling SSL steps through IIS and configures the OMA and ActiveSync and security links. I suppose VPNing through a domain computer wasn't the broadest test for availability, and the true test will be to enable SSL and go home to try.
The POP was a configuration to pull emails (not delete but retrieve) from work, and pull/delete emails from other personal accounts like Hotmail, and sort them all through my Gmail account instead of having 4 separate email accounts on my phone. Then through my phone or desktop, wherever I am, I can pull up Gmail and receive notifications of new mail in one location. Plus, I didn't lose the emails at work while I was at my desk. The other accounts are from other 3rd parties online and were set up easily, but for the work Exchange I just set the POP up (despite the large amount of advice against using POP). Really it was all about simplifying 4 accounts into Gmail. If you had another suggestion I would be happy to learn. Thanks again, John.