Synchronization failed due to an incorrect SSL certificate common name

Hi. I am trying to get Activesync to work with Exchange 2003 (SBS2k3) and
an i-mate PDA2k. I've searched online for the error I am getting and have
found a number of suggestions but cannot resolve the problem. I have IIS
configured with SSL required for the default website including MS
Activesync, Exchange and OMA etc.

I have installed our domain certificate on the PDA as a root certificate.
At the moment if I remove the SSL requirement from the Default web site, and
configure the PDA not to use SSL, I can get the PDA to sync without problem.
But if I enable SSL on both server and client the sync fails with
"Synchronization failed due to an incorrect SSL certificate common name".

The only part of this process which didn't work as expected was importing
the domain certificate into the PDA. I copied the SBS2k3 generated
certificate from the C:\ClientApps\SBScert to the PDA. On trying to import
it I got the error "Cannot access certificate". In the end I exported the
domain certificate from a workstation, copied it to the PDA and it imported
without problem. I've checked the certificate and it is identical to the
SBS2k3 cert, but I'm still suspicious this is related

Can anyone point me in the right direction on the best way to

--
Thanks,
Stuart Mackie [MCP, MSP]
www.stu.uk.com

Hi,
Try "If you see an error INTERNET_45 which means that the "security
certificate on the server is invalid" it may be because you are using a self
generated certificate instead of one that is issued by a trusted authority
like Verisign. (The Pocket PC was checking to make sure that the
certificate was official). To sync with the self generated certificate,
Run CERTCHK.EXE off or install the AS_Cert_Off.cab on the Pocket PC, and
then you should connect fine. For users of Exchange 2003, you need to
download DisableCertChk.exe
http://www.microsoft.com/downloads/d...displaylang=en
to test without a digital certificate. " from the ActiveSync Troubleshooting
Guide
http://www.cewindows.net/faqs/active...ation%20Server


--
Chris De Herrera
http://www.cewindows.net
http://www.tabletpctalk.com
http://www.pocketpctalk.com
http://www.mobilitytalk.com

"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
wrote in message news:...
> Hi. I am trying to get Activesync to work with Exchange 2003 (SBS2k3) and
> an i-mate PDA2k. I've searched online for the error I am getting and have
> found a number of suggestions but cannot resolve the problem. I have IIS
> configured with SSL required for the default website including MS
> Activesync, Exchange and OMA etc.
>
> I have installed our domain certificate on the PDA as a root certificate.
> At the moment if I remove the SSL requirement from the Default web site,
> and configure the PDA not to use SSL, I can get the PDA to sync without
> problem. But if I enable SSL on both server and client the sync fails with
> "Synchronization failed due to an incorrect SSL certificate common name".
>
> The only part of this process which didn't work as expected was importing
> the domain certificate into the PDA. I copied the SBS2k3 generated
> certificate from the C:\ClientApps\SBScert to the PDA. On trying to
> import it I got the error "Cannot access certificate". In the end I
> exported the domain certificate from a workstation, copied it to the PDA
> and it imported without problem. I've checked the certificate and it is
> identical to the SBS2k3 cert, but I'm still suspicious this is related
>
> Can anyone point me in the right direction on the best way to
>
> --
> Thanks,
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>

Hi Chris, thanks for your response. I have downloaded and tested the
software for disabling the SSL checking. If I disable SSL checking, the PDA
will sync with SSL enabled.

The problem now is I can't work out which certificate is the correct one to
export from my SBS2k3 server, or what I'm doing wrong I've exported the
domain/server certificate which is listed in the Trusted Root Certificate
Authorities on the server and workstations, and imported it into the PDA,
but still get the SSL error message if SSL checking is enabled.

--
Thanks,
Stuart Mackie [MCP, MSP]
www.stu.uk.com


"Chris De Herrera" <> wrote in message
news:...
> Hi,
> Try "If you see an error INTERNET_45 which means that the "security
> certificate on the server is invalid" it may be because you are using a
> self generated certificate instead of one that is issued by a trusted
> authority like Verisign. (The Pocket PC was checking to make sure that
> the certificate was official). To sync with the self generated
> certificate, Run CERTCHK.EXE off or install the AS_Cert_Off.cab on the
> Pocket PC, and then you should connect fine. For users of Exchange 2003,
> you need to download DisableCertChk.exe
> http://www.microsoft.com/downloads/d...displaylang=en
> to test without a digital certificate. " from the ActiveSync
> Troubleshooting Guide
> http://www.cewindows.net/faqs/active...ation%20Server
>
>
> --
> Chris De Herrera
> http://www.cewindows.net
> http://www.tabletpctalk.com
> http://www.pocketpctalk.com
> http://www.mobilitytalk.com
>
> "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
> wrote in message news:...
>> Hi. I am trying to get Activesync to work with Exchange 2003 (SBS2k3)
>> and an i-mate PDA2k. I've searched online for the error I am getting and
>> have found a number of suggestions but cannot resolve the problem. I
>> have IIS configured with SSL required for the default website including
>> MS Activesync, Exchange and OMA etc.
>>
>> I have installed our domain certificate on the PDA as a root certificate.
>> At the moment if I remove the SSL requirement from the Default web site,
>> and configure the PDA not to use SSL, I can get the PDA to sync without
>> problem. But if I enable SSL on both server and client the sync fails
>> with "Synchronization failed due to an incorrect SSL certificate common
>> name".
>>
>> The only part of this process which didn't work as expected was importing
>> the domain certificate into the PDA. I copied the SBS2k3 generated
>> certificate from the C:\ClientApps\SBScert to the PDA. On trying to
>> import it I got the error "Cannot access certificate". In the end I
>> exported the domain certificate from a workstation, copied it to the PDA
>> and it imported without problem. I've checked the certificate and it is
>> identical to the SBS2k3 cert, but I'm still suspicious this is related
>>
>> Can anyone point me in the right direction on the best way to
>>
>> --
>> Thanks,
>> Stuart Mackie [MCP, MSP]
>> www.stu.uk.com
>>
>>
>
>

Hi,
From what I understand the SSL checking means that the certificate is
checked against the publicly issued certificates of vendors like Verisign.
Since you are locally signing the certificate it doesn't make sense to check
it since it will fail.


--
Chris De Herrera
http://www.cewindows.net
http://www.tabletpctalk.com
http://www.pocketpctalk.com
http://www.mobilitytalk.com

"Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
wrote in message news:...
> Hi Chris, thanks for your response. I have downloaded and tested the
> software for disabling the SSL checking. If I disable SSL checking, the
> PDA will sync with SSL enabled.
>
> The problem now is I can't work out which certificate is the correct one
> to export from my SBS2k3 server, or what I'm doing wrong I've exported
> the domain/server certificate which is listed in the Trusted Root
> Certificate Authorities on the server and workstations, and imported it
> into the PDA, but still get the SSL error message if SSL checking is
> enabled.
>
> --
> Thanks,
> Stuart Mackie [MCP, MSP]
> www.stu.uk.com
>
>
> "Chris De Herrera" <> wrote in message
> news:...
>> Hi,
>> Try "If you see an error INTERNET_45 which means that the "security
>> certificate on the server is invalid" it may be because you are using a
>> self generated certificate instead of one that is issued by a trusted
>> authority like Verisign. (The Pocket PC was checking to make sure that
>> the certificate was official). To sync with the self generated
>> certificate, Run CERTCHK.EXE off or install the AS_Cert_Off.cab on the
>> Pocket PC, and then you should connect fine. For users of Exchange 2003,
>> you need to download DisableCertChk.exe
>> http://www.microsoft.com/downloads/d...displaylang=en
>> to test without a digital certificate. " from the ActiveSync
>> Troubleshooting Guide
>> http://www.cewindows.net/faqs/active...ation%20Server
>>
>>
>> --
>> Chris De Herrera
>> http://www.cewindows.net
>> http://www.tabletpctalk.com
>> http://www.pocketpctalk.com
>> http://www.mobilitytalk.com
>>
>> "Stuart Mackie [MCP, MSP]" <newsgroups@--REMOVE_THIS-NO_SPAM--stu.uk.com>
>> wrote in message news:...
>>> Hi. I am trying to get Activesync to work with Exchange 2003 (SBS2k3)
>>> and an i-mate PDA2k. I've searched online for the error I am getting
>>> and have found a number of suggestions but cannot resolve the problem.
>>> I have IIS configured with SSL required for the default website
>>> including MS Activesync, Exchange and OMA etc.
>>>
>>> I have installed our domain certificate on the PDA as a root
>>> certificate. At the moment if I remove the SSL requirement from the
>>> Default web site, and configure the PDA not to use SSL, I can get the
>>> PDA to sync without problem. But if I enable SSL on both server and
>>> client the sync fails with "Synchronization failed due to an incorrect
>>> SSL certificate common name".
>>>
>>> The only part of this process which didn't work as expected was
>>> importing the domain certificate into the PDA. I copied the SBS2k3
>>> generated certificate from the C:\ClientApps\SBScert to the PDA. On
>>> trying to import it I got the error "Cannot access certificate". In the
>>> end I exported the domain certificate from a workstation, copied it to
>>> the PDA and it imported without problem. I've checked the certificate
>>> and it is identical to the SBS2k3 cert, but I'm still suspicious this is
>>> related
>>>
>>> Can anyone point me in the right direction on the best way to
>>>
>>> --
>>> Thanks,
>>> Stuart Mackie [MCP, MSP]
>>> www.stu.uk.com
>>>
>>>
>>
>>
>
>