ActiveSync Not Trusting New Certificate
We are running Exchange 2007. On Friday I installed two new certificates - 1 SMTP internal and 1 3rd party for mail.xxxxxx.xxx. Today I noticed my phone was not updated with my emails. I checked the ActiveSync synchronization and found ActiveSync had an error "ActiveSync EXCEPTION: Not trusted certificate". When I renewed the 3rd party certificate everything went well and the certificate looks good. Is there something I need to do for ActiveSync to accept the new certificate?
NC Beach Bum
September 25th, 2010 8:00pm
On Sat, 25 Sep 2010 23:58:58 +0000, NC Beach Bum wrote:
>We are running Exchange 2007. On Friday I installed two new certificates - 1 SMTP internal and 1 3rd party for mail.xxxxxx.xxx. Today I noticed my phone was not updated with my emails. I checked the ActiveSync synchronization and found ActiveSync had an error "ActiveSync EXCEPTION: Not trusted certificate". When I renewed the 3rd party certificate everything went well and the certificate looks good. Is there something I need to do for ActiveSync to accept the new certificate?
>NC Beach Bum
The certificate may be okay, but the CA may have added an intermediate
CA to the chain of trusts. If that happened then you need to update the
CA certificates on your server and on anything that uses them.
Assuming your IIS is exposed to the Internet, visit this URL and have
it check the certificate. It's pretty helpful.
http://www.digicert.com/help/
---
Rich Matheisen
MCSE+I, Exchange MVP
September 25th, 2010 11:01pm
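Added example (not from the thread): a throwaway three-level chain built with the openssl command line, showing how a certificate that is itself valid stops being trusted once an intermediate CA sits in the chain and the client does not have it. Every name, including mail.example.test, is constructed, and using openssl instead of the Windows certificate store is an assumption made for the demo.

```shell
#!/bin/sh
# Constructed demo: every name, key and certificate here is made up and throwaway.

# Build root CA -> intermediate CA -> server certificate in directory $1.
make_chain() {
  d=$1
  cat > "$d/c.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:mail.example.test
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/c.cnf" \
    -extensions ca -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # sign_cert NAME SUBJECT ISSUER EXTENSION-SECTION
  sign_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$d/c.cnf" -subj "$2" \
      -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$3.pem" -CAkey "$d/$3.key" \
      -CAcreateserial -days 2 -extfile "$d/c.cnf" -extensions "$4" \
      -out "$d/$1.pem" 2>/dev/null
  }
  sign_cert int  "/CN=Constructed Intermediate CA" root ca &&
  sign_cert leaf "/CN=mail.example.test"           int  leaf
}

# chain_ok ROOT LEAF [INTERMEDIATES]: succeed only if LEAF chains up to ROOT.
# INTERMEDIATES models what the server sends along with its own certificate.
chain_ok() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
  else
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
  fi
}

work=$(mktemp -d) && make_chain "$work" || exit 1
# A client that trusts only the root and receives only the server certificate:
chain_ok "$work/root.pem" "$work/leaf.pem" \
  && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
# The same client when the intermediate is presented too:
chain_ok "$work/root.pem" "$work/leaf.pem" "$work/int.pem" \
  && echo "leaf + intermediate: trusted" || echo "leaf + intermediate: NOT trusted"
```

The server certificate is identical in both checks; only the availability of the intermediate changes the result.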
Rich - Thanks very much for the reply. This website is very helpful. I may have a lead or maybe not. I checked our two certs and found the mail.xxxxx.yyy cert is good. I checked the domain cert xxxxx.yyy is good too. I then tried a URL for the activesync as activesync.xxxxx.yyy and it came back with the xxxxx.yyy and it should have come back with the mail.xxxxx.yyy certificate. I don't know if I screwed up on the URL check for activesync and it simply returned the default xxxxx.yyy certificate or if it's actually the cert that activesync is sending out. When I view the certificate in IIS for activesync I see what should be the correct cert as mail.xxxxx.yyy which also shows up on my phone activesync.
I may be chasing snipe on this one - but do you know what the activesync URL would be to check it in Digicert?
NC Beach Bum
September 26th, 2010 7:07am
On Sun, 26 Sep 2010 11:05:51 +0000, NC Beach Bum wrote:
>Rich - Thanks very much for the reply. This website is very helpful. I may have a lead or maybe not. I checked our two certs and found the mail.xxxxx.yyy cert is good. I checked the domain cert xxxxx.yyy is good too. I then tried a URL for the activesync as activesync.xxxxx.yyy and it came back with the xxxxx.yyy and it should have come back with the mail.xxxxx.yyy certificate. I don't know if I screwed up on the URL check for activesync and it simply returned the default xxxxx.yyy certificate or if it's actually the cert that activesync is sending out. When I view the certificate in IIS for activesync I see what should be the correct cert as mail.xxxxx.yyy which also shows up on my phone activesync.
There can be just one certificate bound to an IP address in IIS unless
you're going to start using headers in the web sites. I don't know how
you have the certificates assigned and to what addresses, nor do I know
if your DNS resolves the names you use to the correct IP addresses (if
you have multiples of them).
>I may be chasing snipe on this one - but do you know what the activesync URL would be to check it in Digicert?
Well, how about trying http://testexchangeconnectivity.com and running
the activesync portion of the tests?
When we ran E2K3 I used just one name for both OWA and ActiveSync.
Assuming you have OWA exposed, have you tried using that URL on your
mobile device's AS setup?
---
Rich Matheisen
MCSE+I, Exchange MVP
September 26th, 2010 10:37pm
If you have a firewall like ISA server, be sure you have replaced the certificate there as well, and check if the intermediate cert is OK there. Just be aware that before the intermediate cert takes effect, you have to restart the server where the cert is installed (added).
alfa21
September 27th, 2010 4:14am