17098 Views 9 Replies Latest reply: Aug 31, 2008 8:41 AM by tokatta
I have a similar problem, and have been trying to track it down. It may be related to the CA that signed your certificate not being in the trusted roots for the iPhone. I can't quite figure it out. Some of the universities (MIT, Dartmouth) have config pages about using digital certs with the iPhone, you may see if their instructions help.
Was having a similar problem, couldn't log in to OWA with iPhone. The following steps helped me figure out the correct information to use. I logged into my OWA email account by using the Safari browser on my computer. I then used the address that Safari was using to log into OWA.
Example using SAFARI:
Server Address (from Safari Browser) www.webmail.companyname.com:443
I received a certificate error, but accepted the error and continued. Set my preferences for email, contacts & calendar. I was then able to use my company's email on my iphone.
Why log into OWA on the iPhone when ActiveSync uses the OMA connection? (Outlook Mobile Access vs. Outlook Web Access which is a full notebook client)
We configured our server and then verified everything BEFORE using the iPhone by accessing https://www.domain.com/OMA from a notebook or desktop. If you receive a login prompt followed by a list of Inbox messages, your server is properly configured. If not, additional server work is needed.
Then, simply add an Exchange account on the iPhone following the onscreen example for syntax. Note that server path is www.domain.com (path to Exchange server with the word Exchange).
Hey, thanks for the comments. What I was trying to say is that I have tried using both OMA and OWA without success on the iPhone. Even in the Safari browser, as it appears not to be trying to use the certificate installed.
We can and do successfully use OMA and OWA at present - OMA on WM6 devices and Nokia E51s whilst OWA on home connections with the same ID certificates that are installed on the iPhone without success.
And the iPhone Exchange account won't work, as I cannot even get Safari to access these as it is attempting an Anonymous login (rather than the ID certificate) which our ISA server does not allow.
When you created the PKCS#12 did you create it with the full chain? My first suspicion is "unsigned" - this indicates that the phone can't validate what signed this certificate. You may have to import the signing root separately as I don't know if the iPhone cert store handles chained certs or not.
Secondly, Safari browser is echoing back the 401 message indicating that the server did not accept your credentials. Many SSL implementations require the client to send the full chain (to the root that signed everything) - it makes no sense when the server should have the root and be able to validate this, but I have run into this before.
Since this has worked on your WinMO device I would try the following:
From a desktop PC access your OMA/OWA server - hopefully you have the PFX installed on a desktop
Click on the SSL lock icon and view the certificate hierarchy
Export the root and any intermediate into .CER file
Import the root and any intermediate CER files into the iPhone
The first thing that you hopefully will see is that the Profile cert will no longer say unsigned. If it does not, try re-importing it (pfx) AFTER you install the root(s).
I know that some of this seems unnecessary, but I have done a lot of PKI stuff over the years, and there seem to be very different implementations in key management.
Hope this helps!
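A way to check the two things this reply asks about, whether the PKCS#12 was created with the full chain and whether the signing root is inside it, shown as an added example that is not part of the original thread. It assumes the `openssl` command-line tool is installed; the certificates, file names and the password `demo` are constructed for the demonstration.

```shell
# Added example; certificates, file names and the password "demo" are constructed.
# List each certificate in a PKCS#12 bundle as subject=/issuer= lines.
p12_names() {  # $1 = bundle, $2 = import password
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null |
        grep -E '^(subject|issuer)='
}

# Number of certificates in the bundle (1 = identity only, no chain).
p12_cert_count() {
    p12_names "$1" "$2" | awk '/^subject=/ { n++ } END { print n + 0 }'
}

# Succeeds when the bundle carries a self-signed certificate (subject == issuer),
# meaning the signing root travels with the identity.
p12_has_root() {
    p12_names "$1" "$2" | awk '
        /^subject=/ { s = substr($0, 9) }
        /^issuer=/  { if (substr($0, 8) == s) found = 1 }
        END { exit !found }'
}

# Build a constructed root -> intermediate -> leaf chain and two bundles.
make_demo_bundles() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      exec 2>/dev/null
      printf 'basicConstraints=CA:TRUE\n' > ca.ext
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj '/CN=Constructed Root CA' -keyout root.key -out root.crt
      for n in int leaf; do
          openssl req -new -newkey rsa:2048 -nodes \
              -subj "/CN=Constructed $n" -keyout "$n.key" -out "$n.csr"
      done
      openssl x509 -req -in int.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -extfile ca.ext -days 1 -out int.crt
      openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key \
          -CAcreateserial -days 1 -out leaf.crt
      cat int.crt root.crt > chain.pem
      openssl pkcs12 -export -inkey leaf.key -in leaf.crt \
          -passout pass:demo -out leaf-only.p12
      openssl pkcs12 -export -inkey leaf.key -in leaf.crt \
          -certfile chain.pem -passout pass:demo -out full-chain.p12 )
}

d=$(mktemp -d) && make_demo_bundles "$d"
for f in leaf-only full-chain; do
    printf '%s: %s cert(s), root: ' "$f" "$(p12_cert_count "$d/$f.p12" demo)"
    if p12_has_root "$d/$f.p12" demo; then echo yes; else echo no; fi
done
```

A bundle that reports one certificate and no root is the case where the root and any intermediate have to be exported and imported separately, as in the steps above.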