Running iphone exchange without SSL cert.

I have multiple Exchange servers (for different companies)
for which I am trying to set up users' iPhones.
The only one I have gotten to work is the company that has a
purchased certificate. One of the companies that has a self-signed cert
seemed to accept it but never downloads the folders or mail; later
it starts requesting the user name and password, which it does not accept.
I have other Exchange servers that do have OWA enabled and working but do
not have a cert. I have tried SSL on and off with these, no difference.
What am I missing? Can iPhone Exchange work at all WITHOUT a cert?
Sorry for the long post,
I've been working on this for almost 5 hrs now...:-(
thanks,
Jonathan

You probably CAN do this, but the question is WHY?
It might seem like a pain to obtain and install and configure the certificate, but if users besides the iPhone folks access OWA, then web browsers will probably throw up a lot of errors and warnings that are irritating to users and look unprofessional. If you are consulting or managing the servers for these companies I suggest explaining that in today's insecure environment, encrypted, authenticated email access is the only way to do this--and that getting the certificate is necessary. Godaddy.com probably sells them for around 30$/year for 3 years or so?
To your specific problem, can users access OWA on the server from their browser, but not the phone? There are a lot of problems that could happen--the company firewall may not be forwarding the traffic correctly or allowing http to the server, Exchange may not have non-ssl traffic allowed to the mobile website, etc.

Similar Messages

  • Running iFolder3.9 without SSL is supported by Novell ?

    running iFolder3.9(OES11) without SSL is supported by Novell ?
    We don't want SSL(overhead) because either we connect from our office LAN or otherwise via VPN, and also almost no one uses web access.
    Please let me know
    Regards

    needee,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • Exchange 2007 - Outlook Anywhere problems after installing new SSL cert

    *** Original thread posted on wrong forum ***
    Hi all,
    Exchange 2007 environment (2x CAS, ISA2006). Not much familiar with Exchange.
    Problem: 20-odd machines off the domain use Outlook Anywhere (XP with Outlook 2010). Authentication pop-up and not able to connect.
    Company has recently changed its name and we had to renew the SSL cert. Previous SSL cert. was issued to: webmail.oldcompname.co.uk (several SANs on that cert., including internal server names).
    Applied for a new UCC SSL cert issued to: newcompanyname.com (also includes webmail.newcompanyname.com ; autodiscover.newcompanyname.com + old SANs).
    The setting on those machines point the proxy to the following:
    Https://webmail.oldcompname.co.uk (which is fine since it is in the cert and can be accessed)
    Only connect to proxy servers that have this principal name in their cert.: 
    msstd:webmail.oldcompname.co.uk (I believe this is the problem since the new UCC SSL cert. was issued to newcompanyname.com).
    Browsing technet + internet it seems that I need to look into OutlookProvider EXPR.
    When I run Get-OutlookProvider everything is blank (I believe I should be concerned to EXPR only for Outlook Anywhere).
    I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcomanyname.com
    My only concern is whether this might break something else in the Exchange environment, especially as we have 100+ users on smartphones connecting via SSL on webmail.oldcompname.co.uk
    Is it safe to run this command? Do I need to restart IIS? Do I need to look into any settings on ISA2006?
    Comments/help are much appreciated.
    Regards 

    Hi,
    According to the description, I found that we re-new a SSL certificate.
    "I am thinking of running: Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:newcomanyname.com"
    Just do it. Then remove the old certificate on ISA server and install a new one.
    Found a similar thread for your reference:
    Renewal of SSL certificate in exchange 2007 with ISA 2006
    http://social.technet.microsoft.com/Forums/exchange/en-US/25770038-8491-470a-92fa-8ae50674b7a6/renewal-of-ssl-certificate-in-exchange-2007-with-isa-2006
    Hope it is helpful
    Thanks
    Mavis
    Mavis Huang
    TechNet Community Support

  • Can I exchange my white iPhone 5 without a receipt?

    Can I exchange my white iPhone 5 without a receipt? It's only 1 month and a week old, I have the box, and all the accessories with it, the iPhone has no scratches, as you can say, it's new. I'm not liking white, I prefer a black one instead.

    If you've had it for over a month, then you are outside of the return window. You can't 'exchange' it at all.
    You're welcome to sell it and buy a new phone.

  • HT201412 can i exchange my iphone 5c with iphone 5 by paying more or just exchange without paying?

    can i exchange my iphone 5c with iphone 5 by paying more or just exchange without paying?

    No. Apple no longer makes the iPhone 5. It has been replaced by the iPhone 5c.

  • SSL cert error on exchange 2013.

    Hi,
    Can I please have some help to avoid the following two error messages appears on opening outlook 2013 on windows 7 connected directly to the server 2012 domain.
    Godaddy SSL cert is installed on mail.domain.com and firewall forwarding is properly setup.
    There is NO error message if we connect through outlook (AnyWhere) on a system which is not part of the domain and connecting from outside.
    Error Box 1
    Security Alert
    servername.localdomain.local
    Information you exchange with this site cannot be viewed or changed...................
    The security certificate is from a trusted certifying authority.
    The security certificate date is valid
    X The name on the security certificate is invalid or does not match the name of the site....
    Error box 2
    Microsoft Outlook
    There is a problem with the proxy server's security certificate.
    The name on the security certificate is invalid or does not match the name of the target site servername.localdomain.local
    Outlook is unable to connect to the proxy server. (Error Code 10)
    Any quick help will be highly appreciated!
    Many thanks

    Hi,
    Are you using a single domain cert by GoDaddy? If that's the case we cannot add more than one domain to your cert. I believe you have added the Outlook Anywhere domain name to your cert since your Outlook Anywhere connection is prompting any errors.
    You have two options: one is to purchase a UCC cert and add all URLs required, or please have a look at the virtual directories below on the Exchange server and modify the URLs so you will not get the cert errors.
    Use the shell to view the internal and external URLs:
    Get-ActiveSyncVirtualDirectory | fl internalurl,externalurl
    Get-AutoDiscoverVirtualDirectory | fl internalurl,externalurl
    Get-ECPVirtualDirectory | fl internalurl,externalurl
    Get-OabVirtualDirectory | fl internalurl,externalurl
    Get-WebServicesVirtualDirectory | fl internalurl,externalurl
    Change all your internal URLs similar to the external URLs, use the Set command as in the example below.
    Get-AutodiscoverVirtualDirectory -server EXCHANGE | Set-AutodiscoverVirtualDirectory -ExternalUrl 'https://mail.domain.com/Autodiscover/Autodiscover.xml'
    Make sure all your servername.localdomain.local URLs are changed to match the primary certificate name.
    Regards
    Boniface

  • How can i publish owa on exchange 2013 without ssl?

    Hi,
    I need to connect to OWA on Exchange 2013 without SSL,
    but when I change the config from https to http, my IIS returns an internal error.
    Can anybody tell me how to switch from https to https step by step on Exchange 2013?
    Regards

    Check out http://technet.microsoft.com/en-us/library/dn635115(v=exchg.150).aspx#OWA
    Bharat Suneja
    Exchangepedia.com | bsuneja
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Please do not send email directly to this alias. This alias is for newsgroup purposes only.

  • POP without SSL on Exchange Online

    Has anyone figured out a way to use POP without SSL? 
    Just like many things with Microsoft, I'm getting conflicting answers from Microsoft reps.  Originally, sales people said it's supported, but when we started implementing, we couldn't get it to work so we opened a ticket and were told, once again, that
    it's supported.  I finally spoke to another rep who said it's not supported.
    We have a ticketing system that uses POP and doesn't support SSL so we're stuck with having to set up a POP server in-house just for.  Kind of defeats the whole purpose of the cloud. 
    I am very frustrated with Microsoft and regretting going with them for the outsourced email and the random restrictions they come up with using "security" as an excuse.

    The guys from messageops.com have a guide on how to do this. I copied some of the info:
    You can install stunnel on a server or workstation in your environment and configure your devices which don't support TLS or POP3 over SSL to connect through that server to the Microsoft Online Services. Continue reading for details on how to configure and use stunnel.
    Getting stunnel up and running is pretty straightforward.
    Step 1 – Install stunnel
    You can download the stunnel Windows binaries from
    http://www.stunnel.org/download/binaries.html
    After downloading and installing the exe, you will likely want to configure it to run as a service.  To do that, go to Start->All Programs->stunnel->Service Install.
    Step 2 – Configure the stunnel configuration file
    You can download a configuration file that has been preconfigured for use with Microsoft Online here.
    The configuration file looks like:
    # Stunnel configuration file for Microsoft Online POP3 and SMTP
    # Author: MessageOps
    # GLOBAL OPTIONS
    client = yes
    output = stunnel-log.txt
    debug = 4
    taskbar = yes
    [POP3 Incoming]
    # Accept connections on port 110 and send to Microsoft Online on port 995 over SSL
    accept = 127.0.0.1:110
    connect = pop.mail.microsoftonline.com:995
    [SMTP Outgoing]
    # Accept connections on port 25 and send to Microsoft Online on port 587 over TLS
    protocol = smtp
    accept = 127.0.0.1:25
    connect = Smtp.mail.microsoftonline.com:587
    What this configuration file does is tell stunnel to listen on ports 110 and 25 and then redirect connections on those ports to the appropriate SSL ports.
    You might need to modify a few settings in the file:
    The Microsoft Online server names are for customers in the North America datacenter. If you are in a different datacenter, update to the appropriate values.
    With this configuration, stunnel will only listen on the address 127.0.0.1. This is only useful if the application that needs to connect to Microsoft Online resides on the system that stunnel is running on. You can remove the 127.0.0.1 portion of the address to have the service listen on all IP addresses. That would look like:
    accept = 25
    After the file has been modified, replace the existing stunnel.conf in the Program Files\stunnel directory with the new one.
    Finally, start the stunnel service.
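
An added example, not part of the MessageOps guide or the post above: a small audit of a client-mode stunnel.conf that reports services where the upstream certificate is never verified (stunnel verifies nothing unless a verify option is set) and services whose plaintext `accept` listener is not bound to loopback. The function names, the finding labels and the `ca-certs.pem` file name are assumptions made for the example; the hardened variant is constructed from the host names in the posted configuration.

```python
import ipaddress

# The configuration quoted in the post, embedded as sample input.
PAGE_CONF = """\
# GLOBAL OPTIONS
client = yes
output = stunnel-log.txt
debug=4
taskbar=yes
[POP3 Incoming]
accept = 127.0.0.1:110
connect = pop.mail.microsoftonline.com:995
[SMTP Outgoing]
protocol = smtp
accept = 127.0.0.1:25
connect = Smtp.mail.microsoftonline.com:587
"""

# Constructed variant: chain verification plus a host name check per service.
# ca-certs.pem is an assumed file name for a bundle of trusted CA certificates.
HARDENED_CONF = """\
client = yes
verifyChain = yes
CAfile = ca-certs.pem
[POP3 Incoming]
accept = 127.0.0.1:110
connect = pop.mail.microsoftonline.com:995
checkHost = pop.mail.microsoftonline.com
[SMTP Outgoing]
protocol = smtp
accept = 127.0.0.1:25
connect = Smtp.mail.microsoftonline.com:587
checkHost = Smtp.mail.microsoftonline.com
"""


def parse(conf_text):
    """Return (global_options, {service: options}); option names lowercased."""
    global_opts, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = global_opts if current is None else current
            target[key.strip().lower()] = value.strip()
    return global_opts, services


def is_loopback(accept):
    """True when an accept value ([host:]port) binds only to loopback."""
    host, sep, _port = accept.rpartition(":")
    if not sep or not host:
        return False  # bare port: listens on all interfaces
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other host name: treat as reachable


def audit(conf_text):
    """Return a list of (service, finding) for client-mode services."""
    global_opts, services = parse(conf_text)
    findings = []
    for name, opts in services.items():
        eff = {**global_opts, **opts}  # global values act as service defaults
        if eff.get("client", "no").lower() != "yes":
            continue
        pinned = (eff.get("verifypeer", "no").lower() == "yes"
                  or eff.get("verify") in ("3", "4"))
        chain = (eff.get("verifychain", "no").lower() == "yes"
                 or eff.get("verify") == "2")
        if not (pinned or chain):
            findings.append((name, "no-cert-verification"))
        elif not pinned and "checkhost" not in eff and "checkip" not in eff:
            findings.append((name, "no-hostname-check"))
        if "accept" in eff and not is_loopback(eff["accept"]):
            findings.append((name, "plaintext-listener-exposed"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf))
```
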

  • Accessing websites running on non-standard ports or with self-signed ssl certs?

    I've got some sites running using self-signed ssl's that also run on non-standard ports. Firefox home doesn't seem to open these pages it just sits there with the spinner loading and a blank screen...
    Anyone else noticed this?

    If the ASA is using a certificate issued by a CA that is in the client's trusted root CA store, then the ASA identity certificate does not need to be imported by the client.
    That's why it's generally recommended to go the route of using a well-known public CA as they are already included in most modern browsers and thus the client doesn't need to know how to import certificates etc.
    If you are using a local CA that is not in the client's trusted root CA store to issue your ASA identity certificate or self-signing certificates on the ASA then you need to take additional steps at the client.
    In the first case, you would import the root CA certificate in the trusted root CA store of the client. After that, any certificates it has issued (i.e the ASA's identity certificate) would automatically be trusted by the client.
    In the second case, the ASA's identity certificate itself would have to be installed on the client since it (the ASA) is essentially acting as its own root CA. I usually install them in my client's Trusted Root CA store but I guess that's technically not required, as long as the client knows to trust that certificate.

  • SSL Cert for 2008 R2 Reporting Services that is installed on a Failover Cluster - server address mismatch?

    I utilized the idea from
    http://www.mssqltips.com/sqlservertip/2778/how-to-add-reporting-services-to-an-existing-sql-server-clustered-instance/ to install 2008 R2 Reporting Services on a new Clustered SQL instance.  In short, create the new Clustered SQL instance on Node1,
    installing Reporting Services with it.  Then on Node2, Add a Failover Cluster Node (without choosing Reporting Services); following that up with starting the SQL setup.exe with a cmd to bypass a check so that I can then install the Reporting Services
    feature on Node2.  It points out using the SQL Cluster Network name for connecting to Reporting Services.
    I verified upon failover that I could still access the Reports and ReportServer URLs.  However, when wanting to add an SSL certificate to the RS configuration, I run into the warning of "mismatched address - the security certificate presented by
    this website was issued for a different website's address", where I can continue and get to the Reports or ReportManager URLs.
    I played with different certs (internal CA created) and SANs and other things, but I still get this error with the cert.  The Reports URL, for example, is https://<SQLClusterNetworkName>/Reports, and the cert has a CN and Friendly Name of SQLClusterNetworkName (with SAN of DNS: SQLClusterNetworkName.<domain>), but the error still happens.
    What am I missing to eliminate the mismatched address warning when using the SQLClusterNetworkName as the base of the URLs?

    I got it working by using the FQDN as the common name on the SSL cert, with FQDN in RS URLs.

  • Dreaded "must be configured to use a valid SSL cert" - 2008 R2

    Hello everybody,
    I've been browsing through hundreds of topics on the dreaded "The RD Gateway server must be configured to use
    a valid SSL certificate" error using BPA (Windows Server 2008 R2 Std), but still haven't found a proper solution.
    Here's the issue: RDGW not operating properly and sometimes accepting connections, sometimes not. 
    I have an external domain example.com and internally, the domain is example.local. I have one server serving Exchange and RD, this is the server responding to mail.example.com and I have a StartSSL issued cert for mail.example.com, which is properly configured on the server (OWA is working properly with autodiscover etc.). SSL bindings seem alright, default site is using the mail.example.com SSL cert.
    If I open the RDGW Manager and go to the SSL Certificate tab, the system looks happy by having the cert installed, everything looks fine. Sometimes I even manage to connect - connection is successful, I can normally connect to any of the servers or computers.
    On a second attempt, I just get the message, that the logon attempt had failed. If I run BPA on the server, I get the error of not having a proper SSL cert. If I select a self-signed cert, then also the BPA goes through, but then I have problems with connections
    since everybody would need this cert to have installed.
    From what I read, my problems are related to the issue that the FQDN of my server is servername.example.local and the cert is issued to mail.example.com. How can I make the thing only to talk via the mail.example.com cert? I don't think I can get a cert
    that'd also contain a SAN of servername.example.local from the CA.
    What can I do?

    Hi Andrej,
    Thanks for posting in Windows Server Forum.
    Here providing you the article for BPA’s configuration logs, where you can check. It also states that certificate are main problem related to this error. Please check certificate which you have bound have FQDN name of gateway server, the certificate is SSL
    certificate and it’s a trusted certificate. Also check that certificate which you have importing to RD gateway must be in local computer/personal store. For more information refer below article.
    1. Using the Remote Desktop Services BPA to analyze a Remote Desktop Gateway
    implementation
    2. RDS: The RD Gateway server must be configured to use a valid SSL certificate
    In addition, you need to specify the FQDN name of RD gateway under
    DefaultTSgateway in IIS setting. Please go through below article for details.
    RD Gateway/Web Access Outside the Firewall
    Hope it helps!
    Thanks,
    Dharmesh

  • [SOLVED]/etc/ssl/certs/ca-certificates.crt missing from fresh install?

    Hi!
    I was wondering if any of you could understand why I need to reinstall ca-certificates post-install, so as /etc/ssl/certs/ca-certificates.crt gets generated back?
    I'm installing from a netinstall x86_64 image with automatic AIF profile and from [testing] repo?
    Since the file gets made when installing post-install, then I thought that it was rather an install issue instead of a [testing] one? I dunno...
    I've just run a new install from the usb stick, and still the same, and pacman.log states that ca-certificates is installed fine, but again the file is missing and I get complaints in vt1 when browsing https sites and when using curl and such, unless I do a reinstall of ca-certificates...
    Thanks in advance!
    -- EDIT --
    Problem solved by latest perl from testing repo...
    Last edited by mhertz (2012-01-03 01:40:16)

    .. Just wanted to add that of course I know that the ca-certificates.crt isn't in the actual package, but that it _should_ be generated by running update-ca-certificates from the packages install script, but just isn't upon install...
    The package is also out of testing now and in core I see...
    Anyway, to fix this, I guess I just need to add an extra chroot command in my AIF config which runs 'update-ca-certificates --fresh', since at least that works, i.e. generates ca-certificates.crt, but I've only tried it post-install, and I don't want to do another install again, as I did 2 yesterday...
    Again, if anybody could help me with some kind of explanation or theory or whatever for this, then I would really appreciate it!
    I _do_ think that the update-ca-certificates command is run correctly during install, as else I guess I wouldn't have all these symlinks in my /etc/ssl/certs/ folder, but then why it doesn't generate that additional ca-certificates.crt file, I really do not understand...
    Thanks in advance!
    (I don't want to report an error before being absolutely sure that it is an actual error and that I know exactly what I'm talking about in the report...)
    -- EDIT --
    I just did a "normal" test-install of arch64-net in a VM, i.e. without using AIF's automatic procedure, and just selected the core repo and to install base (wget depends on ca-certificates), and in the output there was reported:
    Installing ca-certificates... Error: Command failed to execute correctly.
    There wasn't anything more specific in /var/log/{pacman,aif}.log about this, and again there was no ca-certificates.crt generated, and it first appeared after manually running update-ca-certificates post-install...
    I'm gonna make a bug-report on the bugtracker now then...
    Last edited by mhertz (2011-12-21 03:16:40)

  • Iphones and user identity certs

    successful in implementing client based authentication with the iPhone and Exchange 2003 (or 2007 for that matter)?
    Our current implementation requires Windows Mobile devices to obtain a client certificate on the user's behalf and then upload it to the phone. Our ISA server then presents this to the Exchange server, then requires the device to present the client certificate before letting them in. The goal is single sign-on via user cert. We are moving to all iPhones from Mobile 6 devices.
    This is working on the Windows Mobile side, but is not working on the iPhone side.
    The root certs and user certs are installed on the iPhone, but when you connect to the server can verify exchange account.
    We run 2 servers: one for OWA/ActiveSync with user ID and password, no user cert, works fine. If I move the iPhone to our second server, which is cert-only authentication, no go on the iPhones, but Mobile seems to work fine. Just bought 120 iPhones, need to figure this out.

    Hi GerardVU4,
    Thank you for your post.
    Is it by design that all authentication requests handled, are changed to MAC Address Authentication?
    To always use the MAC address as the user identity, on the NPS server set the Override User-Name registry value to 1.
    If you set Override User-Name to 1 and the User Identity Attribute to 31, the authenticating server can perform
    only Automatic Number Identification/Calling Line Identification (ANI/CLI)-based authentication. Normal authentication by using authentication protocols, such as Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) and Extensible
    Authentication Protocol (EAP), is disabled.
    So please remove Override User-Name registry entry on your NPS server first.
    Do we need separate NPS servers, one for MAC based authentication and one for A.D. account authentication?
    No, you could set up three Network Access Policies on same NPS server.
    Network Access Policies based on MAC Address, just select Authentication Methods PAP in policy Constraints TAB.
    Network Access Policies based on Active Directory Account, Keep the default Authentication Methods MS-CHAP-v2& MS-CHAP.
    If there are more inquiries on this issue, please feel free to let us know.
    Regards,
    Rick Tan

  • 2012R2 RDS SSL Cert mismatch Issue on alternate port

    Hi, I am trying to set up RDS on 2012R2. I only have a single public IP and I already have 443 SSL sent to the Exchange server using a GoDaddy cert for that. I've got another GoDaddy cert for RDS that's running on a standalone server. I have changed the RD Gateway to use port 444 for https. I've added a firewall rule to send 444 to my TS. I can hit https://url:444/rdweb fine - no certificate error, it picks up the correct cert. I can log in fine. I try to run a remote app, provide domain creds and then it errors with: "Your computer can't connect to the remote computer because the Remote Desktop Gateway servers address requested and the certificate subject name do not match. Contact your network administrator for assistance". So it appears at the point of launching the app that it's reverting back to 443 and picking up my Exchange SSL cert instead....
    This topic first appeared in the Spiceworks Community


  • Http Analyzer connecting to server with self-signed SSL cert

    When making webservice calls using Axis 1.3 to our development site that uses a self-signed SSL cert I am getting the following error when running the Http Analyzer:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    Works fine if I turn off proxy in run configuration for project or when used against a site with a purchased cert. I assume the problem is with Http Analyzer not being able to find the server cert in a local keystore, is there a way to import the cert so that I can run Http Analyzer against the site?
    Tried adding server cert to <jdkhome>/jre/lib/security/cacerts keystore but still have the problem.
    Am using JDeveloper 10.1.3.
    Thanks,
    John

    I fixed that by getting certs from: https://www.startssl.com/?app=1.
    The certs are free and work fine.
    Since iPhone 4, Apple does not accept unknown CA authorities.
