Tuesday, 6 October 2009

ActiveSync on IAG - Certificate Issues

I realised the other day that I hadn't updated the issue that was encountered within this blog post about ActiveSync on IAG.

Well the issue turned out to be certificate related. The Exchange server was using a self signed certificate, so the trusted root certificate had to be added to the mobile devices.

There is some well documented information with regards to configuring Exchange 2003 ActiveSync using a self-signed SSL certificate.

Export the root certificate

  1. On the Certificate Authority that issued the certificate to the Exchange server, open the Control Panel and double click Internet Options. NOTE - this guide assumes that you are using a Microsoft CA.
  2. Click on the Content tab and then on the Certificates button.
  3. Click on the Trusted Root Certification Authorities tab.
  4. Locate the trusted root certificate for your domain. It is vital that the certificate be trusted rather than be listed under any other tab. Select the certificate and click on the Export button.
  5. The Export Certificate Wizard will be displayed, click Next.
  6. Select the option to export the certificate in DER encoded binary X.509 (.CER) format and click Next.
  7. Enter a name for the certificate and specify where you would like the file saved. Click Next,
  8. Finish and then OK.

Install the root certificate onto the client device

  1. Now locate the .cer file created and copy it to your PDA via Microsoft ActiveSync to any folder on the device (for a Windows Mobile device), or using the appropriate synchronisation software for your device. Alternatively the file could also be saved to a memory card or transferred via Bluetooth.
  2. On the PDA, open File Explorer and browse to the folder where you saved the certificate.
  3. Tap on the icon for the certificate and tap Yes to install it when prompted.
  4. On a Windows Mobile device, tap on Start → Settings → System → Certificates → Root and verify that the certificate is listed.
  5. You are now ready to use Server ActiveSync securely, using your own SSL certificate.

There is also some useful troubleshooting information here: http://blogs.technet.com/edgeaccessblog/archive/2008/07/29/publishing-microsoft-activesync-through-iag-2007-part-2-of-2.aspx

No comments:

Post a comment