Trusted Cert Woes on SBS 2008

I am about to lose my sanity over this. I have a UC cert from Go Daddy. I have the subject alternative name listed on the cert for the server name. I have run the certificate wizard to import the go daddy cert and it is trusted. I have run the connect to internet wizard and that is working. My RWW works just fine. I used the install package for connecting the computers to the domain and that went fine. I continue to get the name on the security certificate is invalid. Sites is listed on the nag screen and that resolves back to the server name, which is listed as the subject alternative name. I have been working with Exchange2007 for 3 years now and got through this issue with the SAN cert. I think this may be a Windows 2008 sbs issue. Please help.



Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
02-Oct-09

That I did not know. Thanks!

Ace

Previous Posts In This Thread:

On Tuesday, September 29, 2009 8:12 PM
Bill Glidden wrote:

Trusted Cert Woes on SBS 2008
I decided to install a trusted cert from GoDaddy to make access to RWW,
OWA and Outlook Anywhere more user-friendly. I used:
http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
for my first few attempts (installing the intermediate bundle) and when
I had issues with this, I eventually used:
http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
I have had several goes at this (using re-keyed certs)always with the
same results:

1. The trusted certificate never appears for selection as the preferred
certificate in the Certificate Wizard(only self-signed certs are
displayed). In the SBS Console, Network/Connectivity/Web Server
Certificate is showing the trusted cert from GoDaddy.

2. When I launch Outlook 2007, I get two Security Alerts from the site
remote.glidden.net.au. View Certificate shows the name of the trusted
cert office.glidden.net.au. This happens on PCs that are not using
Outlook Anywhere as well.

Otherwise the trusted certificate is functioning: no certificate warning
nags in RWW, OWA or Company Website.

A clue to all this is that the name of the trusted cert is different to
the self-signed one. Also, I run the fix my network wizard it tells me
that the trusted certificate has expired and removes it if checked.
I am new to and pretty clueless with certs: this is the first time i
have tried to install a trusted cert.

SBS BPA finds no issues.

Can someone please help me to sort this? Driving me bananas.

On Tuesday, September 29, 2009 10:46 PM
Les Connor [SBS MVP] wrote:

Re: Trusted Cert Woes on SBS 2008
Hi Bill,

I am assuming you use https://remote.blah.blah/remote or /owa to acces your
SBS, but your cert is for office.blah.blah.

If you use https://office.blah.blah/remote, your cert matches and you get no
warning. I looked at your cert, and it looks fine.


--
-----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 10:48 PM
Les Connor [SBS MVP] wrote:

ps, you can change remote.blah.blah to office.blah.
ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard by
selecting the 'advanced' button. 'remote' is the default prefix.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 11:14 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
Hi Les,

No. I use either remote or office, and want to use office only, but i
get the same result with either. I know there is no error when I use
/owa or /remote. I am only seeing the Outlook security warning.

On Tuesday, September 29, 2009 11:15 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
I missed that Advanced button... Will go there and do that. Thanks, Les.

On Wednesday, September 30, 2009 12:39 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:

Les, I did that and interestingly, it made one of the Security Alerts go
away. Still got one. Will multiple office.glidden.net.au GoDaddy certs
be a problem or is only one of these active?

On Wednesday, September 30, 2009 1:00 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
can also see the for GoDaddy certs that I installed during the saga. All
have type=unknown. AND no more Outlook Security nags.

Thanks for helping me sort this and pointing me in the general direction
of SBS Console, Advanced Mode!

Cheers,
Bill

On Wednesday, September 30, 2009 10:31 AM
Les Connor [SBS MVP] wrote:

Good stuff, Bill - glad you got it sorted.
Good stuff, Bill - glad you got it sorted.

Key is the name in the cert must match the url/site you are accessing. You
can get a cert for multiple sites but in this instance you only need

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 4:40 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Les, with an Exchange UC/SAN certificate, you can add those names into one
cert. The one certificate will allow multiple names added into the
certificate in what is called a subjective alternate names list. Once you have
purchased, or have your current certs modified or combined into one
certificate by GoDaddy (Exchange can use a single cert with multiple names
and they should be able to combine all of them into one for you and pro-rate
the price), you can use the Exchange PowerShell Commands to add the services
the cert will be used for.

Read the following for more info. I also just added a step-by-step in the
blog, today, to illustrate how to request and import the new cert, as well
as how to enable the use of the cert for other services, such as IIS, SMTP,
IMAP, POP, etc. Enabling it for IIS will work for what you want, as long as
the names that you need, such as rww.domain.com, office.domain.com, or
whatever else you need, is in the certificate subject alternate names list.
The manual methods work with SBS 2008, too.

Exchange 2007 UC/SAN Certificate
http://msmvps.com/blogs/acefekay/arc...rtificate.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

On Wednesday, September 30, 2009 4:41 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
I meant to address my last post to Bill, not Les. Sorry....

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

Good stuff, thanks Ace.
Good stuff, thanks Ace.

I am the guy that is never used a 3rd party cert, ever, with SBS ;-). Always
used the self signed certs, and always able to make them do. Worst case is
locked mobile devices, but that is worked around by converting the cert to a
...cab file.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

no worries, we're all in this together ;-)--
no worries, we are all in this together ;-)

--
-----------------------------------------------
Les Connor [SBS MVP]

On Thursday, October 01, 2009 12:47 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Cool, yes we are! :-)

Thanks!

On Thursday, October 01, 2009 12:55 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
For my own Ex2007, I never bought a public cert, but I have not any cases
where I would need it. When connecting to OWA, I would just click on the
trust this cert message. However, I just replaced my BB with an HTC Touch
Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
iPhone, brighter, too! However, it is Windows Mobile. Guess what? Cert issue
time! So instead of dealing with the cert, I thought let me just get a
single name cert (non UC/SAN) and see if it works. Since I set this domain
up back in 1999 when AD first came out, the mindset and consensus was to use
your public name, so I never changed that. it is only me and a few people
that use the domain. So I figured, what the heck, a single name cert would
work internally and externally for mail.mydomain.com, and I have the same
record created internally. Well, the thing worked fine with the Windows
mobile. It synched up fine. It also works fine for my OWA site, since you
can enable that in Exchange to use the cert for other purposes other than
just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
have an issue with Outlook Anywhere due to the Autodiscover record, but I
don;t use that anyway. If it comes down to it, and I need that function, I
will dish out the extra $$ for a UC/SAN cert. And here I am using a single
cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
customers. I figured if they ever need the other functionality, I don;t want
to deal with installing certs on their mobile units, or some of their remote
employees that hardly come into the office and are using Outlook Anywhere.

I guess you can call me the landscaper with the tallest lawn on the block!

Ace

On Thursday, October 01, 2009 9:14 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Thursday, October 01, 2009 4:21 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Thursday, October 01, 2009 5:30 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Friday, October 02, 2009 12:31 AM
Les Connor [SBS MVP] wrote:

SBS 2k8 deploys the self signed cert onto WM6 automatically.
SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
diamond touch, no issues at all.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Friday, October 02, 2009 12:33 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Friday, October 02, 2009 12:46 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
That I did not know. Thanks!

Ace

EggHeadCafe - Software Developer Portal of Choice
Serialize/Deserialize .NET Classes to SQL Server
http://www.eggheadcafe.com/tutorials...ialize-ne.aspx

"Todd Wagner" wrote in message news:...

Take a look at the video tutorials to see if you missed something at this
link:

Screencast: How to Install GoDaddy Multiple Domain (UCC) SSL Certificate in
Exchange Server 2007
http://www.netometer.com/video/tutor...-windows-2008/

If that doesn't help you, re-read my blog on how to do it manually. I posted
it earlier (bottom of this post), however, here it is for your convenience:

Exchange 2007 UC/SAN Certificate
http://msmvps.com/blogs/acefekay/arc...rtificate.aspx

Ace


>I am about to lose my sanity over this. I have a UC cert from Go Daddy. I
>have the subject alternative name listed on the cert for the server name.
>I have run the certificate wizard to import the go daddy cert and it is
>trusted. I have run the connect to internet wizard and that is working.
>My RWW works just fine. I used the install package for connecting the
>computers to the domain and that went fine. I continue to get the name on
>the security certificate is invalid. Sites is listed on the nag screen and
>that resolves back to the server name, which is listed as the subject
>alternative name. I have been working with Exchange2007 for 3 years now
>and got through this issue with the SAN cert. I think this may be a
>Windows 2008 sbs issue. Please help.
>
>
>
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> 02-Oct-09
>
> That I did not know. Thanks!
>
> Ace
>
> Previous Posts In This Thread:
>
> On Tuesday, September 29, 2009 8:12 PM
> Bill Glidden wrote:
>
> Trusted Cert Woes on SBS 2008
> I decided to install a trusted cert from GoDaddy to make access to RWW,
> OWA and Outlook Anywhere more user-friendly. I used:
> http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
> for my first few attempts (installing the intermediate bundle) and when
> I had issues with this, I eventually used:
> http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
> I have had several goes at this (using re-keyed certs)always with the
> same results:
>
> 1. The trusted certificate never appears for selection as the preferred
> certificate in the Certificate Wizard(only self-signed certs are
> displayed). In the SBS Console, Network/Connectivity/Web Server
> Certificate is showing the trusted cert from GoDaddy.
>
> 2. When I launch Outlook 2007, I get two Security Alerts from the site
> remote.glidden.net.au. View Certificate shows the name of the trusted
> cert office.glidden.net.au. This happens on PCs that are not using
> Outlook Anywhere as well.
>
> Otherwise the trusted certificate is functioning: no certificate warning
> nags in RWW, OWA or Company Website.
>
> A clue to all this is that the name of the trusted cert is different to
> the self-signed one. Also, I run the fix my network wizard it tells me
> that the trusted certificate has expired and removes it if checked.
> I am new to and pretty clueless with certs: this is the first time i
> have tried to install a trusted cert.
>
> SBS BPA finds no issues.
>
> Can someone please help me to sort this? Driving me bananas.
>
> On Tuesday, September 29, 2009 10:46 PM
> Les Connor [SBS MVP] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Hi Bill,
>
> I am assuming you use https://remote.blah.blah/remote or /owa to acces
> your
> SBS, but your cert is for office.blah.blah.
>
> If you use https://office.blah.blah/remote, your cert matches and you get
> no
> warning. I looked at your cert, and it looks fine.
>
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Tuesday, September 29, 2009 10:48 PM
> Les Connor [SBS MVP] wrote:
>
> ps, you can change remote.blah.blah to office.blah.
> ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard
> by
> selecting the 'advanced' button. 'remote' is the default prefix.
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Tuesday, September 29, 2009 11:14 PM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Les Connor [SBS MVP] wrote:
> Hi Les,
>
> No. I use either remote or office, and want to use office only, but i
> get the same result with either. I know there is no error when I use
> /owa or /remote. I am only seeing the Outlook security warning.
>
> On Tuesday, September 29, 2009 11:15 PM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Les Connor [SBS MVP] wrote:
> I missed that Advanced button... Will go there and do that. Thanks, Les.
>
> On Wednesday, September 30, 2009 12:39 AM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Les Connor [SBS MVP] wrote:
>
> Les, I did that and interestingly, it made one of the Security Alerts go
> away. Still got one. Will multiple office.glidden.net.au GoDaddy certs
> be a problem or is only one of these active?
>
> On Wednesday, September 30, 2009 1:00 AM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Les Connor [SBS MVP] wrote:
> Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
> can also see the for GoDaddy certs that I installed during the saga. All
> have type=unknown. AND no more Outlook Security nags.
>
> Thanks for helping me sort this and pointing me in the general direction
> of SBS Console, Advanced Mode!
>
> Cheers,
> Bill
>
> On Wednesday, September 30, 2009 10:31 AM
> Les Connor [SBS MVP] wrote:
>
> Good stuff, Bill - glad you got it sorted.
> Good stuff, Bill - glad you got it sorted.
>
> Key is the name in the cert must match the url/site you are accessing. You
> can get a cert for multiple sites but in this instance you only need
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Wednesday, September 30, 2009 4:40 PM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Les, with an Exchange UC/SAN certificate, you can add those names into one
> cert. The one certificate will allow multiple names added into the
> certificate in what is called a subjective alternate names list. Once you
> have
> purchased, or have your current certs modified or combined into one
> certificate by GoDaddy (Exchange can use a single cert with multiple names
> and they should be able to combine all of them into one for you and
> pro-rate
> the price), you can use the Exchange PowerShell Commands to add the
> services
> the cert will be used for.
>
> Read the following for more info. I also just added a step-by-step in the
> blog, today, to illustrate how to request and import the new cert, as well
> as how to enable the use of the cert for other services, such as IIS,
> SMTP,
> IMAP, POP, etc. Enabling it for IIS will work for what you want, as long
> as
> the names that you need, such as rww.domain.com, office.domain.com, or
> whatever else you need, is in the certificate subject alternate names
> list.
> The manual methods work with SBS 2008, too.
>
> Exchange 2007 UC/SAN Certificate
> http://msmvps.com/blogs/acefekay/arc...rtificate.aspx
>
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Please reply back to the newsgroup or forum for collaboration benefit
> among
> responding engineers, and to help others benefit from your resolution.
>
> Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
> Messaging
> Microsoft Certified Trainer
>
> For urgent issues, please contact Microsoft PSS directly. Please check
> http://support.microsoft.com for regional support phone numbers.
>
> On Wednesday, September 30, 2009 4:41 PM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> I meant to address my last post to Bill, not Les. Sorry....
>
> On Wednesday, September 30, 2009 5:18 PM
> Les Connor [SBS MVP] wrote:
>
> Good stuff, thanks Ace.
> Good stuff, thanks Ace.
>
> I am the guy that is never used a 3rd party cert, ever, with SBS ;-).
> Always
> used the self signed certs, and always able to make them do. Worst case is
> locked mobile devices, but that is worked around by converting the cert to
> a
> .cab file.
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Wednesday, September 30, 2009 5:18 PM
> Les Connor [SBS MVP] wrote:
>
> no worries, we're all in this together ;-)--
> no worries, we are all in this together ;-)
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Thursday, October 01, 2009 12:47 AM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Cool, yes we are! :-)
>
> Thanks!
>
> On Thursday, October 01, 2009 12:55 AM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> For my own Ex2007, I never bought a public cert, but I have not any cases
> where I would need it. When connecting to OWA, I would just click on the
> trust this cert message. However, I just replaced my BB with an HTC Touch
> Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
> iPhone, brighter, too! However, it is Windows Mobile. Guess what? Cert
> issue
> time! So instead of dealing with the cert, I thought let me just get a
> single name cert (non UC/SAN) and see if it works. Since I set this domain
> up back in 1999 when AD first came out, the mindset and consensus was to
> use
> your public name, so I never changed that. it is only me and a few people
> that use the domain. So I figured, what the heck, a single name cert
> would
> work internally and externally for mail.mydomain.com, and I have the same
> record created internally. Well, the thing worked fine with the Windows
> mobile. It synched up fine. It also works fine for my OWA site, since you
> can enable that in Exchange to use the cert for other purposes other than
> just internally, such as for IIS, SMTP, IMAP and POP. However, I know I
> will
> have an issue with Outlook Anywhere due to the Autodiscover record, but I
> don;t use that anyway. If it comes down to it, and I need that function, I
> will dish out the extra $$ for a UC/SAN cert. And here I am using a single
> cert for limited capabilities, but I keep pushing to get a UC/SAN cert to
> my
> customers. I figured if they ever need the other functionality, I don;t
> want
> to deal with installing certs on their mobile units, or some of their
> remote
> employees that hardly come into the office and are using Outlook Anywhere.
>
> I guess you can call me the landscaper with the tallest lawn on the block!
>
> Ace
>
> On Thursday, October 01, 2009 9:14 AM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Ace Fekay [MCT] wrote:
> Thanks for all the good info, Ace.
>
> Bill
>
> On Thursday, October 01, 2009 4:21 PM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> You are welcome!
>
> Ace
>
> On Thursday, October 01, 2009 5:30 PM
> Bill Glidden wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> Ace Fekay [MCT] wrote:
> Thanks for all the good info, Ace.
>
> Bill
>
> On Friday, October 02, 2009 12:31 AM
> Les Connor [SBS MVP] wrote:
>
> SBS 2k8 deploys the self signed cert onto WM6 automatically.
> SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
> diamond touch, no issues at all.
>
> --
> -----------------------------------------------
> Les Connor [SBS MVP]
>
> On Friday, October 02, 2009 12:33 AM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> You are welcome!
>
> Ace
>
> On Friday, October 02, 2009 12:46 AM
> Ace Fekay [MCT] wrote:
>
> Re: Trusted Cert Woes on SBS 2008
> That I did not know. Thanks!
>
> Ace
>
> EggHeadCafe - Software Developer Portal of Choice
> Serialize/Deserialize .NET Classes to SQL Server
> http://www.eggheadcafe.com/tutorials...ialize-ne.aspx

I went through the installing a godaddy cert and reconfigured outlook to make the cert primary with the 4 services and adjusted my urls within Exchange. When I launch outlook, it still comes up with the error with Sites listed security alert. i also created the split DNS as well. I don't know what to check now. This is getting old. Any further advice, or is a call into microsoft needed?



Todd Wagner wrote:

Cert Error
08-Nov-09

I am about to lose my sanity over this. I have a UC cert from Go Daddy. I have the subject alternative name listed on the cert for the server name. I have run the certificate wizard to import the go daddy cert and it is trusted. I have run the connect to internet wizard and that is working. My RWW works just fine. I used the install package for connecting the computers to the domain and that went fine. I continue to get the name on the security certificate is invalid. Sites is listed on the nag screen and that resolves back to the server name, which is listed as the subject alternative name. I have been working with Exchange2007 for 3 years now and got through this issue with the SAN cert. I think this may be a Windows 2008 sbs issue. Please help.

Previous Posts In This Thread:

EggHeadCafe - Software Developer Portal of Choice
IDisposable, Destructors, Finalizers and Garbage
http://www.eggheadcafe.com/tutorials...structors.aspx

I also recently migrated from SBS2003 to SBS2008 using a swing kit I purchased. For the most part, everything has worked beautifully. One change, though, was that previously, we had just used a self-signed certificate that I always had to manually install on our smart phones (moto-q's and htc touches). I went ahead and purchased a certificate from Verisign and installed it using the request/complete certificate wizard in IIS. Then ran the "configure certificates" wizard in the SBS console and successfully configured that certificate for remote.ogequip.com. The remote site, including /exchange all show a valid certificate. But our smartphones continue to show certificate errors. I have even manually installed the cert on them and it makes no diff.

https://www.testexchangeconnectivity.com/ ran a test and gave the following errors:

Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.

Test Steps

Validating certificate name
Successfully validated the certificate name

Additional Details
Found hostname remote.ogequip.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Tell me more about this issue and how to resolve it

Additional Details
The certificate chain did not end in a trusted root. Root = OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

The link that error leads to indicates that it cannot follow the certificate chain to a trusted authority. But I am unable to figure out how to fix this. I have been reading numerous blogs and technical articles that give different suggestions (such as working in the exchange power shell) but there are quite a few and I don't want to break existing functionality doing them. OWA works. The site shows secure in explorer. It's only activesync that fails. Plus, if it were this complicated to configure, why wouldn't the import cert wizard not take care of all of this? If it was configuring for all the other remote sites, why not OMA functionality? Obviously, I am missing something.

Does anyone have any suggestions?

thanks.



Todd Wagner wrote:

Continue to get the cert error
09-Nov-09

I went through the installing a godaddy cert and reconfigured outlook to make the cert primary with the 4 services and adjusted my urls within Exchange. When I launch outlook, it still comes up with the error with Sites listed security alert. i also created the split DNS as well. I don't know what to check now. This is getting old. Any further advice, or is a call into microsoft needed?

Previous Posts In This Thread:

On Tuesday, September 29, 2009 8:12 PM
Bill Glidden wrote:

Trusted Cert Woes on SBS 2008
I decided to install a trusted cert from GoDaddy to make access to RWW
OWA and Outlook Anywhere more user-friendly. I used:
http://smbtn.wordpress.com/2009/02/1...e-on-sbs-2008/
for my first few attempts (installing the intermediate bundle) and when
I had issues with this, I eventually used:
http://blogs.technet.com/sbs/archive...-sbs-2008.aspx
I have had several goes at this (using re-keyed certs)always with the
same results:

1. The trusted certificate never appears for selection as the preferred
certificate in the Certificate Wizard(only self-signed certs are
displayed). In the SBS Console, Network/Connectivity/Web Server
Certificate is showing the trusted cert from GoDaddy.

2. When I launch Outlook 2007, I get two Security Alerts from the site
remote.glidden.net.au. View Certificate shows the name of the trusted
cert office.glidden.net.au. This happens on PCs that are not using
Outlook Anywhere as well.

Otherwise the trusted certificate is functioning: no certificate warning
nags in RWW, OWA or Company Website.

A clue to all this is that the name of the trusted cert is different to
the self-signed one. Also, I run the fix my network wizard it tells me
that the trusted certificate has expired and removes it if checked.
I am new to and pretty clueless with certs: this is the first time i
have tried to install a trusted cert.

SBS BPA finds no issues.

Can someone please help me to sort this? Driving me bananas.

On Tuesday, September 29, 2009 10:46 PM
Les Connor [SBS MVP] wrote:

Re: Trusted Cert Woes on SBS 2008
Hi Bill,

I am assuming you use https://remote.blah.blah/remote or /owa to acces your
SBS, but your cert is for office.blah.blah.

If you use https://office.blah.blah/remote, your cert matches and you get no
warning. I looked at your cert, and it looks fine.


--
-----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 10:48 PM
Les Connor [SBS MVP] wrote:

ps, you can change remote.blah.blah to office.blah.
ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard by
selecting the 'advanced' button. 'remote' is the default prefix.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 11:14 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
Hi Les,

No. I use either remote or office, and want to use office only, but i
get the same result with either. I know there is no error when I use
/owa or /remote. I am only seeing the Outlook security warning.

On Tuesday, September 29, 2009 11:15 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
I missed that Advanced button... Will go there and do that. Thanks, Les.

On Wednesday, September 30, 2009 12:39 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:

Les, I did that and interestingly, it made one of the Security Alerts go
away. Still got one. Will multiple office.glidden.net.au GoDaddy certs
be a problem or is only one of these active?

On Wednesday, September 30, 2009 1:00 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
can also see the for GoDaddy certs that I installed during the saga. All
have type=unknown. AND no more Outlook Security nags.

Thanks for helping me sort this and pointing me in the general direction
of SBS Console, Advanced Mode!

Cheers,
Bill

On Wednesday, September 30, 2009 10:31 AM
Les Connor [SBS MVP] wrote:

Good stuff, Bill - glad you got it sorted.
Good stuff, Bill - glad you got it sorted.

Key is the name in the cert must match the url/site you are accessing. You
can get a cert for multiple sites but in this instance you only need

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 4:40 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Les, with an Exchange UC/SAN certificate, you can add those names into one
cert. The one certificate will allow multiple names added into the
certificate in what is called a subjective alternate names list. Once you have
purchased, or have your current certs modified or combined into one
certificate by GoDaddy (Exchange can use a single cert with multiple names
and they should be able to combine all of them into one for you and pro-rate
the price), you can use the Exchange PowerShell Commands to add the services
the cert will be used for.

Read the following for more info. I also just added a step-by-step in the
blog, today, to illustrate how to request and import the new cert, as well
as how to enable the use of the cert for other services, such as IIS, SMTP,
IMAP, POP, etc. Enabling it for IIS will work for what you want, as long as
the names that you need, such as rww.domain.com, office.domain.com, or
whatever else you need, is in the certificate subject alternate names list.
The manual methods work with SBS 2008, too.

Exchange 2007 UC/SAN Certificate
http://msmvps.com/blogs/acefekay/arc...rtificate.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

On Wednesday, September 30, 2009 4:41 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
I meant to address my last post to Bill, not Les. Sorry....

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

Good stuff, thanks Ace.
Good stuff, thanks Ace.

I am the guy that is never used a 3rd party cert, ever, with SBS ;-). Always
used the self signed certs, and always able to make them do. Worst case is
locked mobile devices, but that is worked around by converting the cert to a
..cab file.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

no worries, we're all in this together ;-)--
no worries, we are all in this together ;-)

--
-----------------------------------------------
Les Connor [SBS MVP]

On Thursday, October 01, 2009 12:47 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Cool, yes we are! :-)

Thanks!

On Thursday, October 01, 2009 12:55 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
For my own Ex2007, I never bought a public cert, but I have not any cases
where I would need it. When connecting to OWA, I would just click on the
trust this cert message. However, I just replaced my BB with an HTC Touch
Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
iPhone, brighter, too! However, it is Windows Mobile. Guess what? Cert issue
time! So instead of dealing with the cert, I thought let me just get a
single name cert (non UC/SAN) and see if it works. Since I set this domain
up back in 1999 when AD first came out, the mindset and consensus was to use
your public name, so I never changed that. it is only me and a few people
that use the domain. So I figured, what the heck, a single name cert would
work internally and externally for mail.mydomain.com, and I have the same
record created internally. Well, the thing worked fine with the Windows
mobile. It synched up fine. It also works fine for my OWA site, since you
can enable that in Exchange to use the cert for other purposes other than
just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
have an issue with Outlook Anywhere due to the Autodiscover record, but I
don;t use that anyway. If it comes down to it, and I need that function, I
will dish out the extra $$ for a UC/SAN cert. And here I am using a single
cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
customers. I figured if they ever need the other functionality, I don;t want
to deal with installing certs on their mobile units, or some of their remote
employees that hardly come into the office and are using Outlook Anywhere.

I guess you can call me the landscaper with the tallest lawn on the block!

Ace

On Thursday, October 01, 2009 9:14 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Thursday, October 01, 2009 4:21 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Thursday, October 01, 2009 5:30 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Friday, October 02, 2009 12:31 AM
Les Connor [SBS MVP] wrote:

SBS 2k8 deploys the self signed cert onto WM6 automatically.
SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
diamond touch, no issues at all.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Friday, October 02, 2009 12:33 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Friday, October 02, 2009 12:46 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
That I did not know. Thanks!

Ace

On Sunday, November 08, 2009 8:25 PM
Todd Wagner wrote:

Cert Error
I am about to lose my sanity over this. I have a UC cert from Go Daddy. I have the subject alternative name listed on the cert for the server name. I have run the certificate wizard to import the go daddy cert and it is trusted. I have run the connect to internet wizard and that is working. My RWW works just fine. I used the install package for connecting the computers to the domain and that went fine. I continue to get the name on the security certificate is invalid. Sites is listed on the nag screen and that resolves back to the server name, which is listed as the subject alternative name. I have been working with Exchange2007 for 3 years now and got through this issue with the SAN cert. I think this may be a Windows 2008 sbs issue. Please help.

On Monday, November 09, 2009 8:36 PM
Todd Wagner wrote:

Continue to get the cert error
I went through the installing a godaddy cert and reconfigured outlook to make the cert primary with the 4 services and adjusted my urls within Exchange. When I launch outlook, it still comes up with the error with Sites listed security alert. i also created the split DNS as well. I don't know what to check now. This is getting old. Any further advice, or is a call into microsoft needed?


Submitted via EggHeadCafe - Software Developer Portal of Choice
HTML Hyperlink Obfuscation with Client Script
http://www.eggheadcafe.com/tutorials...bfuscatio.aspx

Les, I created an account here just to say thanks for this tip. I have always purchased certs for my clients with mail.blah.blah so that's what I did with this one using SBS 2008. But then I found that SBS08 uses remote.blah.blah for all of their sites. I was able to get a few things to use the mail cert but couldn't figure out how to change the Sharepoint URL. Too bad I had already spent 15 hours trying to figure this out before stumbling across your post.

Anyone looking for the exact location of this setting:
1. Open Windows SBS Console.
2. Begin "Set up your Internet address" wizard.
3. Click Next, "I already have a domain name that I want to use.", Next, "I want to manage the domain name myself.", Next.
4. Enter your domain name then click "Advanced settings".
5. Change your domain prefix to match your cert.

This will change the SBS websites to use a self-signed cert so you have to run the "Add a trusted certificate" wizard again to use your 3rd party cert for these sites.



Les Connor [SBS MVP] wrote:

ps, you can change remote.blah.blah to office.blah.
29-Sep-09

ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard b
selecting the 'advanced' button. 'remote' is the default prefix

-
----------------------------------------------
Les Connor [SBS MVP]

Previous Posts In This Thread:

On Tuesday, September 29, 2009 8:12 PM
Bill Glidden wrote:

Trusted Cert Woes on SBS 2008
I decided to install a trusted cert from GoDaddy to make access to RWW
OWA and Outlook Anywhere more user-friendly. I used
http://smbtn.wordpress.com/2009/02/1...te-on-sbs-2008
for my first few attempts (installing the intermediate bundle) and whe
I had issues with this, I eventually used
http://blogs.technet.com/sbs/archive...n-sbs-2008.asp
I have had several goes at this (using re-keyed certs)always with th
same results

1. The trusted certificate never appears for selection as the preferre
certificate in the Certificate Wizard(only self-signed certs ar
displayed). In the SBS Console, Network/Connectivity/Web Serve
Certificate is showing the trusted cert from GoDaddy

2. When I launch Outlook 2007, I get two Security Alerts from the sit
remote.glidden.net.au. View Certificate shows the name of the truste
cert office.glidden.net.au. This happens on PCs that are not usin
Outlook Anywhere as well

Otherwise the trusted certificate is functioning: no certificate warnin
nags in RWW, OWA or Company Website

A clue to all this is that the name of the trusted cert is different t
the self-signed one. Also, I run the fix my network wizard it tells m
that the trusted certificate has expired and removes it if checked
I am new to and pretty clueless with certs: this is the first time
have tried to install a trusted cert

SBS BPA finds no issues

Can someone please help me to sort this? Driving me bananas.

On Tuesday, September 29, 2009 10:46 PM
Les Connor [SBS MVP] wrote:

Re: Trusted Cert Woes on SBS 2008
Hi Bill

I am assuming you use https://remote.blah.blah/remote or /owa to acces you
SBS, but your cert is for office.blah.blah

If you use https://office.blah.blah/remote, your cert matches and you get n
warning. I looked at your cert, and it looks fine

-
----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 10:48 PM
Les Connor [SBS MVP] wrote:

ps, you can change remote.blah.blah to office.blah.
ps, you can change remote.blah.blah to office.blah.blah in the SBS wizard b
selecting the 'advanced' button. 'remote' is the default prefix

-
----------------------------------------------
Les Connor [SBS MVP]

On Tuesday, September 29, 2009 11:14 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote
Hi Les

No. I use either remote or office, and want to use office only, but
get the same result with either. I know there is no error when I us
/owa or /remote. I am only seeing the Outlook security warning.

On Tuesday, September 29, 2009 11:15 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
I missed that Advanced button... Will go there and do that. Thanks, Les.

On Wednesday, September 30, 2009 12:39 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:

Les, I did that and interestingly, it made one of the Security Alerts go
away. Still got one. Will multiple office.glidden.net.au GoDaddy certs
be a problem or is only one of these active?

On Wednesday, September 30, 2009 1:00 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Les Connor [SBS MVP] wrote:
Oh, and Les, I can now see and select the Trusted cert in the Wizard. I
can also see the for GoDaddy certs that I installed during the saga. All
have type=unknown. AND no more Outlook Security nags.

Thanks for helping me sort this and pointing me in the general direction
of SBS Console, Advanced Mode!

Cheers,
Bill

On Wednesday, September 30, 2009 10:31 AM
Les Connor [SBS MVP] wrote:

Good stuff, Bill - glad you got it sorted.
Good stuff, Bill - glad you got it sorted.

Key is the name in the cert must match the url/site you are accessing. You
can get a cert for multiple sites but in this instance you only need

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 4:40 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Les, with an Exchange UC/SAN certificate, you can add those names into one
cert. The one certificate will allow multiple names added into the
certificate in what is called a subjective alternate names list. Once you have
purchased, or have your current certs modified or combined into one
certificate by GoDaddy (Exchange can use a single cert with multiple names
and they should be able to combine all of them into one for you and pro-rate
the price), you can use the Exchange PowerShell Commands to add the services
the cert will be used for.

Read the following for more info. I also just added a step-by-step in the
blog, today, to illustrate how to request and import the new cert, as well
as how to enable the use of the cert for other services, such as IIS, SMTP,
IMAP, POP, etc. Enabling it for IIS will work for what you want, as long as
the names that you need, such as rww.domain.com, office.domain.com, or
whatever else you need, is in the certificate subject alternate names list.
The manual methods work with SBS 2008, too.

Exchange 2007 UC/SAN Certificate
http://msmvps.com/blogs/acefekay/arc...rtificate.aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

On Wednesday, September 30, 2009 4:41 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
I meant to address my last post to Bill, not Les. Sorry....

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

Good stuff, thanks Ace.
Good stuff, thanks Ace.

I am the guy that is never used a 3rd party cert, ever, with SBS ;-). Always
used the self signed certs, and always able to make them do. Worst case is
locked mobile devices, but that is worked around by converting the cert to a
..cab file.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Wednesday, September 30, 2009 5:18 PM
Les Connor [SBS MVP] wrote:

no worries, we're all in this together ;-)--
no worries, we are all in this together ;-)

--
-----------------------------------------------
Les Connor [SBS MVP]

On Thursday, October 01, 2009 12:47 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
Cool, yes we are! :-)

Thanks!

On Thursday, October 01, 2009 12:55 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
For my own Ex2007, I never bought a public cert, but I have not any cases
where I would need it. When connecting to OWA, I would just click on the
trust this cert message. However, I just replaced my BB with an HTC Touch
Pro 2 I picked up last night. Cool phone. Screen's a hair larger than the
iPhone, brighter, too! However, it is Windows Mobile. Guess what? Cert issue
time! So instead of dealing with the cert, I thought let me just get a
single name cert (non UC/SAN) and see if it works. Since I set this domain
up back in 1999 when AD first came out, the mindset and consensus was to use
your public name, so I never changed that. it is only me and a few people
that use the domain. So I figured, what the heck, a single name cert would
work internally and externally for mail.mydomain.com, and I have the same
record created internally. Well, the thing worked fine with the Windows
mobile. It synched up fine. It also works fine for my OWA site, since you
can enable that in Exchange to use the cert for other purposes other than
just internally, such as for IIS, SMTP, IMAP and POP. However, I know I will
have an issue with Outlook Anywhere due to the Autodiscover record, but I
don;t use that anyway. If it comes down to it, and I need that function, I
will dish out the extra $$ for a UC/SAN cert. And here I am using a single
cert for limited capabilities, but I keep pushing to get a UC/SAN cert to my
customers. I figured if they ever need the other functionality, I don;t want
to deal with installing certs on their mobile units, or some of their remote
employees that hardly come into the office and are using Outlook Anywhere.

I guess you can call me the landscaper with the tallest lawn on the block!

Ace

On Thursday, October 01, 2009 9:14 AM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Thursday, October 01, 2009 4:21 PM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Thursday, October 01, 2009 5:30 PM
Bill Glidden wrote:

Re: Trusted Cert Woes on SBS 2008
Ace Fekay [MCT] wrote:
Thanks for all the good info, Ace.

Bill

On Friday, October 02, 2009 12:31 AM
Les Connor [SBS MVP] wrote:

SBS 2k8 deploys the self signed cert onto WM6 automatically.
SBS 2k8 deploys the self signed cert onto WM6 automatically. I have an HTC
diamond touch, no issues at all.

--
-----------------------------------------------
Les Connor [SBS MVP]

On Friday, October 02, 2009 12:33 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
You are welcome!

Ace

On Friday, October 02, 2009 12:46 AM
Ace Fekay [MCT] wrote:

Re: Trusted Cert Woes on SBS 2008
That I did not know. Thanks!

Ace

On Sunday, November 08, 2009 8:25 PM
Todd Wagner wrote:

Cert Error
I am about to lose my sanity over this. I have a UC cert from Go Daddy. I have the subject alternative name listed on the cert for the server name. I have run the certificate wizard to import the go daddy cert and it is trusted. I have run the connect to internet wizard and that is working. My RWW works just fine. I used the install package for connecting the computers to the domain and that went fine. I continue to get the name on the security certificate is invalid. Sites is listed on the nag screen and that resolves back to the server name, which is listed as the subject alternative name. I have been working with Exchange2007 for 3 years now and got through this issue with the SAN cert. I think this may be a Windows 2008 sbs issue. Please help.

On Monday, November 09, 2009 8:36 PM
Todd Wagner wrote:

Continue to get the cert error
I went through the installing a godaddy cert and reconfigured outlook to make the cert primary with the 4 services and adjusted my urls within Exchange. When I launch outlook, it still comes up with the error with Sites listed security alert. i also created the split DNS as well. I don't know what to check now. This is getting old. Any further advice, or is a call into microsoft needed?

On Monday, January 18, 2010 5:34 PM
ian ohlander wrote:

Certificate trust validation failed
I also recently migrated from SBS2003 to SBS2008 using a swing kit I purchased. For the most part, everything has worked beautifully. One change, though, was that previously, we had just used a self-signed certificate that I always had to manually install on our smart phones (moto-q's and htc touches). I went ahead and purchased a certificate from Verisign and installed it using the request/complete certificate wizard in IIS. Then ran the "configure certificates" wizard in the SBS console and successfully configured that certificate for remote.ogequip.com. The remote site, including /exchange all show a valid certificate. But our smartphones continue to show certificate errors. I have even manually installed the cert on them and it makes no diff.

https://www.testexchangeconnectivity.com/ ran a test and gave the following errors:

Testing SSL Certificate for validity.
The SSL Certificate failed one or more certificate validation checks.

Test Steps

Validating certificate name
Successfully validated the certificate name

Additional Details
Found hostname remote.ogequip.com in Certificate Subject Common name
Validating certificate trust for Windows Mobile Devices
Certificate trust validation failed
Tell me more about this issue and how to resolve it

Additional Details
The certificate chain did not end in a trusted root. Root = OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

The link that error leads to indicates that it cannot follow the certificate chain to a trusted authority. But I am unable to figure out how to fix this. I have been reading numerous blogs and technical articles that give different suggestions (such as working in the exchange power shell) but there are quite a few and I don't want to break existing functionality doing them. OWA works. The site shows secure in explorer. It's only activesync that fails. Plus, if it were this complicated to configure, why wouldn't the import cert wizard not take care of all of this? If it was configuring for all the other remote sites, why not OMA functionality? Obviously, I am missing something.

Does anyone have any suggestions?

thanks.


Submitted via EggHeadCafe - Software Developer Portal of Choice
BizTalk: Incorporating conditional If / Else Functoid Logic in a map.
http://www.eggheadcafe.com/tutorials...rating-co.aspx