Self-Signed Certificate expired caused problem with iPhone.
I have an SBS 2008 server running Exchange 2007. A few days ago my self-signed certificate expired. I went through some steps to create a new one. It fixed my Outlook 2007 users from getting errors but my iPhone and Droid users are not getting authentication errors. I ended up with a lot of certificates and don't know which ones I need or if I am missing any. Something is just not right.
I have included a list of my certificates; please review.
AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.printedcircuits.com, pci-server, pci-server.pci.local, *.printedcircuits.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=remote.printedcircuits.com
NotAfter           : 1/10/2017 9:13:47 AM
NotBefore          : 1/10/2012 9:13:47 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 60AE92CB93711FAE4DA99E0434275D1E
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.printedcircuits.com
Thumbprint         : E2450E98C3BC8BB92A0A9099DD615B37214C5080

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {PCI-SERVER, PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=PCI-SERVER
NotAfter           : 1/10/2017 8:57:45 AM
NotBefore          : 1/10/2012 8:57:45 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 514A45D671D28CAC48968FEB63041A0A
Services           : SMTP
Status             : Valid
Subject            : CN=PCI-SERVER
Thumbprint         : 015BE22B4EC6E7C1ECA7B0E22A7DAA25A749DE31

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 1/9/2013 2:02:02 AM
NotBefore          : 1/10/2012 2:02:02 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 25C6AECB00010000000C
Services           : None
Status             : Valid
Subject            : CN=PCI-SERVER.pci.local
Thumbprint         : 5AB6FEC6E27944BA6526CD4E1612FB2E6E80C468

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {pci-PCI-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 1/8/2017 10:13:14 PM
NotBefore          : 1/9/2012 10:03:16 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 0A71217D382402A74932A1F484FA3B32
Services           : None
Status             : Valid
Subject            : CN=pci-PCI-SERVER-CA
Thumbprint         : 4C0F802E98ED45E655BE430D2A4763952EDA1D27

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-7JW7UWR0M27}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-7JW7UWR0M27
NotAfter           : 12/28/2019 3:18:19 PM
NotBefore          : 12/30/2009 3:18:19 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : D93DF1D26E10158A4E2D2429C3A21DB9
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-7JW7UWR0M27
Thumbprint         : A6FFC903E02C5203F6DC139E50DA414EF609F00D

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 12/30/2011 1:59:07 PM
NotBefore          : 12/30/2009 1:59:07 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 610EBFD5000000000002
Services           : SMTP
Status             : DateInvalid
Subject            : CN=Sites
Thumbprint         : 549B92FEA45758246CBD588BF62EE4206D3520B3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {pci-PCI-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 12/30/2014 2:07:38 PM
NotBefore          : 12/30/2009 1:57:40 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6F70B0DBBB418CBE40A10D434CCB5751
Services           : None
Status             : Valid
Subject            : CN=pci-PCI-SERVER-CA
Thumbprint         : AF723D9F77B29CAF007C9E2FCE3E944A43F90A1A

January 22nd, 2012 1:31am
Go to your OWA URL. Download the certificate (export to a file) and install it on the phone. Hopefully this will work.
Raj
January 22nd, 2012 3:21am
Buy a certificate.
$70/year from http://certificatesforexchange.com/
Nothing to install on the devices and it will avoid any kind of popup errors. The self-signed certificate is not actually supported for use with ActiveSync anyway.
I have instructions on the process, including notes for SBS installation, here:
http://exchange.sembee.info/2007/install/multiplenamessl.asp
Simon.
Simon Butler, Exchange MVP
January 22nd, 2012 7:39am
Ok, if I purchase a cert, do I tell them I want it for mail.domain.com, autodiscovery.domain.com, server.domain.local, server, sites?
I get 5 domains for the cert.
Sembee, that site for the certs has a great price. Just want to make sure I have included what I need. Do I need to tell them that it is for smtp, imap, pop, iis, https? Or do I do that after I import it?
Jeff
January 22nd, 2012 2:46pm
Hello,
You can recreate a single certificate by adding all the possible DNS name values to the certificate Subject Alternative Name property on the certificate request. A Windows-based Certificate Services certification authority should create a certificate for such a request.
Best Regards,
Lisa
January 23rd, 2012 3:49am
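One way to carry out the single-certificate approach described above with the Exchange 2007 cmdlets, as an added example that is not part of the original thread. The host names and file paths are placeholders, and it assumes the Exchange Management Shell on the server that will hold the private key.

```powershell
# Added example, not from the thread. Host names and paths below are placeholders.
$names = 'mail.example.com', 'autodiscover.example.com', 'server.example.local', 'server'

# 1. Inventory what is installed: which names each certificate covers, which
#    services it is bound to, and when it expires.
Get-ExchangeCertificate |
    Sort-Object NotAfter |
    Format-Table Thumbprint, Services, Status, NotAfter, CertificateDomains -AutoSize

# 2. Flag certificates that are expired or otherwise not valid. One that still
#    lists a service here is a candidate for replacement, not just cleanup.
Get-ExchangeCertificate |
    Where-Object { $_.Status -ne 'Valid' -or $_.NotAfter -lt (Get-Date) } |
    Format-List Thumbprint, Subject, Services, Status, NotAfter

# 3. Generate one request carrying every name as a Subject Alternative Name.
#    The private key is created and kept on this server.
#    Note: public CAs no longer issue certificates for internal-only names such
#    as .local or single-label host names; those need an internal CA.
New-ExchangeCertificate -GenerateRequest `
    -SubjectName "CN=$($names[0])" `
    -DomainName $names `
    -KeySize 2048 `
    -PrivateKeyExportable $true `
    -Path 'C:\certs\exchange-san.req'

# 4. Once the CA returns the signed certificate, import it on the same server
#    so it pairs with the pending private key.
$cert = Import-ExchangeCertificate -Path 'C:\certs\exchange-san.cer'

# 5. Services are assigned locally after import; the CA is not told about them.
Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services 'IIS, SMTP, IMAP, POP'

# 6. Verify the binding, the covered names and the validity period.
Get-ExchangeCertificate -Thumbprint $cert.Thumbprint |
    Format-List CertificateDomains, Services, Status, NotAfter, IsSelfSigned
```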
Jeff, you can buy a wildcard certificate which can be *.yourdomainname.com.
You don't need to specify any of the services. You get the certificate from any of the vendors. One of them can be
http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/index.html
Once you get the cert, follow my post here
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/299a7e4b-daab-4e19-aad3-498ce69924c7
All will be fine.
Raj
January 24th, 2012 12:46am
Wildcard certificates are not the same as a Unified Communications certificate and are not generally recommended for use with Exchange due to compatibility issues with some clients.
Simon.
Simon Butler, Exchange MVP
January 25th, 2012 3:02am