Lync 2010 for iPhone/iPad Certificate issue

Dears,

on 20th of December Microsoft released Lync client for i-devices. this is very good news, however i`ve dealed with an issue:

There is a internal CA (Enterprise CA) which issued certificate to my Lync Server. Because it "Self-signed" and untrusted outside of our organization i`ve dealed with an issue on iPad/iPhone device. When i try to log in application reports that "can't verify certificate from the server. please contact your support team.". i`ve browsed web and someone said that certificate should be trusted by known centers, such as Verisign.

Is there any way to "force" root certificate to that device or option in program to "ignore" untrusted certificates? For example, i don`t have such problem with exchange sync on i-device.

 

Please, help!

December 23rd, 2011 11:20am

Resolution found: Just install "untrusted" root ca to device.

Installing certificates via Configuration Profiles
If Configuration Profiles are being used to distribute settings for corporate services
such as Exchange, VPN, or Wi-Fi, certificates can be added to the profile to streamline deployment.

Installing certificates via Mail or Safari
If a certificate is sent in an email, it will appear as an attachment. Safari can be used to download certificates from a web page. You can host a certificate on a secured website and provide users with the URL where they can download the certificate onto their devices.

Installation via the Simple Certificate Enrollment Protocol (SCEP)
SCEP is designed to provide a simplified process to handle certificate distribution for large-scale deployments. This enables Over-the-Air Enrollment of digital certificates
on iPhone and iPad that can then be used for authentication to corporate services, as well as enrollment with a Mobile Device Management server. For more information on SCEP and Over-the-Air Enrollment, visit www.apple.com/iphone/business/resources.

http://www.apple.com/iphone/business/docs/iOS_Certificates.pdf

 

 

Free Windows Admin Tool Kit Click here and download it now
December 23rd, 2011 12:04pm
How did you go about installing the "untrusted" root ca to device?  TIA.
December 28th, 2011 8:38pm

i`ve used the simpliest solution:

 

Installing certificates via Mail or Safari
If a certificate is sent in an email, it will appear as an attachment. Safari can be used to download certificates from a web page. You can host a certificate on a secured website and provide users with the URL where they can download the certificate onto their devices.

 

P.S. i`m now using Lync 2010 on all i-Devices in my enterprise. Also, i suggest to everyone use this manual

URL http://download.microsoft.com/download/C/A/2/CA20D75B-28DC-4E0F-9E63-AD50DBD1FE9B/LS_Mobility.doc

Free Windows Admin Tool Kit Click here and download it now
December 29th, 2011 12:04am

Hello ,

 

I tried to email the certificate as you specified and i still get the error ther it can't be verified.  Lync works great with android devices but not iOS.  any suggestions?

 

thanks

January 3rd, 2012 11:43pm
This really isn't specific enough to be an accepted solution. For example, how do you do number 2 or 3? Emailing a cert isn't easy, as Outlook blocks the files and installing via Safari using the Microsoft CA is a multi-step process. I'll look into how to implement option 3 using a MS CA.
Free Windows Admin Tool Kit Click here and download it now
January 6th, 2012 1:28am

Hi there,

i have the same issue with certificate in Iphone / Ipad but not in android.

in my android phone, it will automatically install CA root. but Iphone / Ipad i have a trick for that.

generate the certificate from lync server 2010 into PFX file. then export root Certificate into PFX too. send all the pfx certificate using email or cable data into Iphone / Ipad device. then install the Certificate. u will find the certificate in General > profiles.

then login lync 2010 normally.

thats what i do for Root CA in my iphone / ipad.

still dont know why the apple device cannot automatically install Root CA certificate. -cheers-

March 15th, 2012 11:55am

I used the following blog to get mine working:

http://www.bricomp.com/blogs/archives.cfm/category/lync

Emailing an exported certificate did not work for me, I had to use the Apple Mobile Configuration Utility to create the profile with the CA root certificate.

Free Windows Admin Tool Kit Click here and download it now
April 3rd, 2012 4:24pm

Hi CalPeete,

What if you dont have a hardware load balancer and Lync on the Iphone works internally , but Externally it doesnt work it gives unable to verify the certificate.

any ideas of how to fix this?

thanks.....

April 26th, 2012 12:09pm

What certificate are you exporting?  The OAuth cert or the Lync Default Certificate?

OAuth is issued to my domain.com and the Lync Default Certificate is issued to lync.domain.com 

I emailed them both and picked them up on the iphone through it's mail app.  Installed them but I still get the same error.

This is with the 2013 (preview) server installed.

Free Windows Admin Tool Kit Click here and download it now
October 12th, 2012 7:28pm

You can go to Lync server's IIS, under IIS top site (not your Lync default site)-> server certificate

choose the certificate you created (it should have been created  as domain certificate from your own CA)

right click and click export

you can export as pfx as default.

save it email.

Ipad need it. PC can use pfx or p7b. I exported p7b from CA console.

December 1st, 2012 10:21pm

I couldn't make my Lync for iOS work.

After a lot of frustration I found the solution!

I downloaded Wync for Lync and using the same settings it all works, including voice calls.

The software is free. 

Kind regards from Germany!




Free Windows Admin Tool Kit Click here and download it now
July 8th, 2013 9:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics