Results 1 to 4 of 4
  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Rochester, NY, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Iím having difficulty getting an iPhone to connect to Microsoft Exchange 2007 when using certificates. Here is what I have done so far. I have Exchange set so that certificates are not required and itís doing basic authentication. With this configuration I can connect my iPhone 3GS just fine and get email, calendar etc.

    I then used the iPhone configuration utility to create a profile. This profile includes a self-generated certificate that will authorize a device to communicate with our Exchange server. This certificate is the same one we use to allow users to use Remote Web Workplace (RWW) and Outlook for Web Access (OWA) from their home PC's. I loaded the certificate using the "Credentials" payload. I could not load the certificate using the "Exchange Activesync" payload because the certificates were not listed when I tried. I have loaded this profile onto my iPhone. I can verify that the profile and the certificate were loaded successfully.

    I then changed Exchange it to require a certificate and I cannot connect. The message I get is ďCannot Get Mail. The connection to the server failedĒ. If I turn off the option to require a certificate in Exchange 2007 I can get my mail just fine.

    Because I can verify that the certificate was loaded onto the phone, I believe the problem may lie with Exchange but Iím stuck as where to look.

    Our server is running Windows SBS 2008 x64. This includes Exchange 2007. The server is up to date with all patches and service packs.

    Thanks in advance for any help you can provide.

  2. #2
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,202
    Thanks
    49
    Thanked 987 Times in 917 Posts
    I've had this working on a system a year ago but didn't have to do anything special so I don't know why yours is not happy.
    Get a real certificate, not a self signed one - StartSSL have free certificates - this may help.

    cheers, Paul

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Rochester, NY, USA
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've finally resolved this issue by following the instructions at this site:

    http://www.expta.com/2010/02/how-to-...ones-with.html

    The basic problem I was having was generating the right type of certificate and associating that certificate with the user in AD.

    I hope this helps someone in the future.

  4. #4
    WS Lounge VIP
    Join Date
    Dec 2009
    Location
    Earth
    Posts
    8,202
    Thanks
    49
    Thanked 987 Times in 917 Posts
    As I said, use a real certificate - self signing is always a pain.

    cheers, Paul

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •