tag:blogger.com,1999:blog-798194812750898417.post1686279198613795885..comments2024-03-27T09:53:39.301-07:00Comments on The EXPTA {blog}: How to Securely Deploy iPhones with Exchange ActiveSync - Phase 1 - Building the CAJeff Guillet - @exptahttp://www.blogger.com/profile/05278298222887921824noreply@blogger.comBlogger12125tag:blogger.com,1999:blog-798194812750898417.post-43580635357918075442013-04-03T15:54:07.866-07:002013-04-03T15:54:07.866-07:00Had isues at the create and submit a request to th...Had isues at the create and submit a request to this CA > (*&%$) > Submit - step. Found that I needed to trust the server within IE. - To solve this problem, please add the<br />http://servername site to the Trusted sites.<br /><br />Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-12318370149566088702012-12-10T09:06:34.436-08:002012-12-10T09:06:34.436-08:00No that won't work. You need a client certifi...No that won't work. You need a client certificate for each user who will be using the solution.Jeff Guillet - @exptahttps://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-31161365588825871462012-12-10T08:42:07.501-08:002012-12-10T08:42:07.501-08:00Yes, I have an Externally Truted certificate insta...Yes, I have an Externally Truted certificate installed too. Can I use this instead of have to install certificate services. Export the private key for install to the phone. Configure the Active-Sync virtual direcory in IIS to require SSL and certificae. Publish the certifate to the required users in Active Directory.<br />Finaly creat the iphone configeration.<br />Am I missing anything?ochttps://www.blogger.com/profile/05742527504587137884noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-6501315311920548732012-12-06T07:41:46.748-08:002012-12-06T07:41:46.748-08:00Jeff,
Thanks for putting this guide together.
I ha...Jeff,<br />Thanks for putting this guide together.<br />I have a simple setup. Just one Exchange 2003 Server. <br />It already has certificate installed (from an externaly trusted CA) for our Outlook Web Access. <br />I'm guessing I dont need to go thru every step you've outlined.<br />I'd be grateful if you could bullet poiNt the steps for me as I'm new to the subject.<br />Thanks again for you time.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-33349118328016112542012-11-13T07:56:31.324-08:002012-11-13T07:56:31.324-08:00Yes. Yes. Jeff Guillet - @exptahttps://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-76975712539049241602012-11-13T05:48:10.272-08:002012-11-13T05:48:10.272-08:00Do the above instructions apply to Windows 2003 as...Do the above instructions apply to Windows 2003 as well?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-8129005110429804112012-11-05T19:09:12.486-08:002012-11-05T19:09:12.486-08:00Or is there a way to simply renew the certificate ...Or is there a way to simply renew the certificate once it expires?Kennoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-56383181002716161462012-11-05T18:59:42.996-08:002012-11-05T18:59:42.996-08:00Hi Jeff, I am wondering if there's a way to up...Hi Jeff, I am wondering if there's a way to update the ActiveSyncUser certificate on users' devices over the air or network once it expires, without connect to iphone conf utility again.<br />Thanks.Kennoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-85359217886853135892012-08-06T01:44:01.735-07:002012-08-06T01:44:01.735-07:00Hi Jeff, thanks for the very detailed instructions...Hi Jeff, thanks for the very detailed instructions. I'm a bit of a noob, and I'm trying to patch a quick job by my predecessor that is not working because of multiple host names. The certificate fails because of different names. Do you have any suggestions as to where in this sequence I can add Subject Alternative Names in the certificate? I cannot change the server name, and it will be a one for all, doing mail, web and ftp, so we will have server.example.com, mail.example.com, owa.example.com, autodiscover.example.com etc.Simonhttps://sites.google.com/site/simonpallenproject/homenoreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-76301103905616011882010-06-02T14:29:52.169-07:002010-06-02T14:29:52.169-07:00I see what you mean now. You're using a domai...I see what you mean now. You're using a domain-based root CA and I was using a standalone CA. The Client Authentication Certificate template is only available on stand-alone CAs. You should be able to use the "User" certificate template, however.Jeff Guillet - @exptahttps://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-19707978980009549962010-06-02T14:15:42.104-07:002010-06-02T14:15:42.104-07:00Seanv,
You want to request a certificate using th...Seanv,<br /><br />You want to request a certificate using the "Advanced Certificate Request" link, not a standard user certificate.Jeff Guillet - @exptahttps://www.blogger.com/profile/05278298222887921824noreply@blogger.comtag:blogger.com,1999:blog-798194812750898417.post-73531870013573598982010-06-02T12:34:05.252-07:002010-06-02T12:34:05.252-07:00Jeff, the certificate template you are using "...Jeff, the certificate template you are using "Client Authentication Certificate" is not available on my CA. Is this template a specific template for Windows 2008 R2? Our CA is Windows 2008. Any suggestions?Anonymousnoreply@blogger.com