Self-Signed Certificate expired caused problem with iPhone.
I have a SBS 2008 server running Exchange 2007. A few days ago my self-signed certificate expired. I went through some steps to create a new one. It fixed my Outlook 2007 users from getting errors but my iPhone and Droid users are not getting authentication errors. I ended up with a lot of certificates and don't know which ones I need or if I am missing any. Something is just not right. I have included a list of my certificates; please review.

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {remote.printedcircuits.com, pci-server, pci-server.pci.local, *.printedcircuits.com}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=remote.printedcircuits.com
NotAfter           : 1/10/2017 9:13:47 AM
NotBefore          : 1/10/2012 9:13:47 AM
PublicKeySize      : 2048
RootCAType         : Unknown
SerialNumber       : 60AE92CB93711FAE4DA99E0434275D1E
Services           : IMAP, POP, IIS, SMTP
Status             : Valid
Subject            : CN=remote.printedcircuits.com
Thumbprint         : E2450E98C3BC8BB92A0A9099DD615B37214C5080

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {PCI-SERVER, PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=PCI-SERVER
NotAfter           : 1/10/2017 8:57:45 AM
NotBefore          : 1/10/2012 8:57:45 AM
PublicKeySize      : 2048
RootCAType         : None
SerialNumber       : 514A45D671D28CAC48968FEB63041A0A
Services           : SMTP
Status             : Valid
Subject            : CN=PCI-SERVER
Thumbprint         : 015BE22B4EC6E7C1ECA7B0E22A7DAA25A749DE31

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 1/9/2013 2:02:02 AM
NotBefore          : 1/10/2012 2:02:02 AM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 25C6AECB00010000000C
Services           : None
Status             : Valid
Subject            : CN=PCI-SERVER.pci.local
Thumbprint         : 5AB6FEC6E27944BA6526CD4E1612FB2E6E80C468

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {pci-PCI-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 1/8/2017 10:13:14 PM
NotBefore          : 1/9/2012 10:03:16 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 0A71217D382402A74932A1F484FA3B32
Services           : None
Status             : Valid
Subject            : CN=pci-PCI-SERVER-CA
Thumbprint         : 4C0F802E98ED45E655BE430D2A4763952EDA1D27

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {WMSvc-WIN-7JW7UWR0M27}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=WMSvc-WIN-7JW7UWR0M27
NotAfter           : 12/28/2019 3:18:19 PM
NotBefore          : 12/30/2009 3:18:19 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : D93DF1D26E10158A4E2D2429C3A21DB9
Services           : None
Status             : Valid
Subject            : CN=WMSvc-WIN-7JW7UWR0M27
Thumbprint         : A6FFC903E02C5203F6DC139E50DA414EF609F00D

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {Sites, PCI-SERVER.pci.local}
HasPrivateKey      : True
IsSelfSigned       : False
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 12/30/2011 1:59:07 PM
NotBefore          : 12/30/2009 1:59:07 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 610EBFD5000000000002
Services           : SMTP
Status             : DateInvalid
Subject            : CN=Sites
Thumbprint         : 549B92FEA45758246CBD588BF62EE4206D3520B3

AccessRules        : {System.Security.AccessControl.CryptoKeyAccessRule, System.Security.AccessControl.CryptoKeyAccessRule}
CertificateDomains : {pci-PCI-SERVER-CA}
HasPrivateKey      : True
IsSelfSigned       : True
Issuer             : CN=pci-PCI-SERVER-CA
NotAfter           : 12/30/2014 2:07:38 PM
NotBefore          : 12/30/2009 1:57:40 PM
PublicKeySize      : 2048
RootCAType         : Registry
SerialNumber       : 6F70B0DBBB418CBE40A10D434CCB5751
Services           : None
Status             : Valid
Subject            : CN=pci-PCI-SERVER-CA
Thumbprint         : AF723D9F77B29CAF007C9E2FCE3E944A43F90A1A
January 22nd, 2012 1:31am

Go to your OWA URL. Download the certificate (export to a file) and install it on the phone. Hopefully this will work. Raj
January 22nd, 2012 3:21am

Buy a certificate. $70/year from http://certificatesforexchange.com/ Nothing to install on the devices and it will avoid any kind of popup errors. The self signed certificate is not actually supported for use with ActiveSync anyway. I have instructions on the process, including notes for SBS installation, here: http://exchange.sembee.info/2007/install/multiplenamessl.asp Simon. Simon Butler, Exchange MVP
January 22nd, 2012 7:39am

OK, if I purchase a cert, do I tell them I want it for mail.domain.com, autodiscovery.domain.com, server.domain.local, server, sites? I get 5 domains for the cert. Sembee, that site for the certs has a great price. Just want to make sure I have included what I need. Do I need to tell them that it is for smtp, imap, pop, iis, https, or do I do that after I import it? Jeff
January 22nd, 2012 2:46pm

Hello, You can recreate a single certificate by adding all the possible DNS name values to the certificate Subject Alternative Name property on the certificate request. A Windows–based Certificate Services certification authority should create a certificate for such a request. Best Regards, Lisa
January 23rd, 2012 3:49am
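The sequence discussed in the replies above (one request carrying every name as a Subject Alternative Name, services assigned only after import), followed by a read-only check of what is bound where. This is an added example, not part of any post in the thread; it assumes the Exchange Management Shell on Exchange 2007, and the host names and file paths are placeholders.

```powershell
# Added example; run in the Exchange Management Shell (Exchange 2007).
# Host names and file paths are placeholders, not values from this thread.
$names = 'mail.example.com', 'autodiscover.example.com',
         'server.example.local', 'server'

# 1. One request that lists every name as a Subject Alternative Name.
#    Services are not part of the request; the CA never needs to know them.
New-ExchangeCertificate -GenerateRequest -Path 'C:\certs\request.req' `
    -SubjectName "cn=$($names[0])" -DomainName $names `
    -PrivateKeyExportable $true

# 2. When the CA returns the signed certificate, import it on the same
#    server (the private key is already there), then assign services.
Import-ExchangeCertificate -Path 'C:\certs\issued.cer' |
    Enable-ExchangeCertificate -Services 'IIS, SMTP, POP, IMAP'

# 3. Read-only audit: for each certificate show what it is bound to,
#    whether it has expired, and which required names it does not cover.
$now = Get-Date
Get-ExchangeCertificate |
    Select-Object Thumbprint, Subject, Services, Status, NotAfter,
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt $now } },
        @{ Name = 'MissingNames'; Expression = {
            $have = @($_.CertificateDomains | ForEach-Object { "$_" })
            $gap  = @($names | Where-Object { $have -notcontains $_ })
            [string]::Join(', ', $gap)
        } } |
    Format-List
```

In the audit output, the certificate with IIS under Services is the one ActiveSync and OWA clients are served; a certificate whose Status is not Valid but which still lists a service, like the CN=Sites entry in the original post, is the kind of leftover this check surfaces.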

Jeff, you can buy a wildcard certificate which can be *.yourdomainname.com. You don't need to specify any of the services. You get the certificate from any of the vendors. One of them can be http://www.rapidssl.com/buy-ssl/wildcard-ssl-certificate/index.html Once you get the cert, follow my post here http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/299a7e4b-daab-4e19-aad3-498ce69924c7 All will be fine. Raj
January 24th, 2012 12:46am

Wildcard certificates are not the same as a Unified Communications certificate and are not generally recommended for use with Exchange due to compatibility issues with some clients. Simon. Simon Butler, Exchange MVP
January 25th, 2012 3:02am


This topic is archived. No further replies will be accepted.
