9 Replies Latest reply: Aug 31, 2008 8:41 AM by tokatta
gixxer69 Level 1 Level 1
Hello, picked up iPhone 3G in hopes of replacing my Windows Mobile 6 phone (AT&T 8525), and first i did was,

a) Installed the my .pfx certificate, appears successful as the certificate showed up under Settings | General | Profile, as identity certificate (although shows up as "Unsigned", not sure why). Verified the details of the certificate and all looks correctly imported, especially the expiration date is correct.

b) Setup Safari to NOT block popup, cleared cache, history and cookies

c) Opened up Safari, and pointed to the following URL,


And i get the "The page cannot be displayed", with Error Code: 401 Unauthorized.

This same .pfx certificate is used successfully in my Windows machine, and using the same OWA URL, using Internet Explorer, Firefox and Safari for Windows.

And my Windows Mobile 6 (AT&T 8525 phone) also using the same .pfx certificate has no problem opening up the login page to the OWA, using the same URL.

Can someone help or verify whether accessing OWA through iPhone 3G Safari using the .pfx certificate is NOT supported at this time?

Thanks much!

iPhone 3G, Other OS, iPhone 3G
  • gixxer69 Level 1 Level 1
    Sorry, i meant to say,

  • logich Level 1 Level 1
    I have a similar problem, and have been trying to track it down. It may be related to the CA that signed your certificate not being in the trusted roots for the iPhone. I can't quite figure it out. Some of the universities (MIT, Dartmouth) have config pages about using digital certs with the iPhone, you may see if their instructions help.
  • GK0820 Level 1 Level 1
    Was having a similiar problem, couldn't login into owa with iphone. The following steps helped me figure out the correct information to use. I logged into my owa email account by using Safari browser on my computer. I then used the address that Safari was using to log into OWA.

    Example using SAFARI:

    Email: Johndoe@company.com
    Username: Johndoe
    Password: ****
    Server Address (from Safari Browser) www.webmail.companyname.com:443

    I received a certificate error, but accepted the error and continued. Set my preferences for email, contacts & calendar. I was then able to use my company's email on my iphone.
  • SupremeNemesis Level 1 Level 1
    I tried with the port number number at the end, and I still can't get to OMA/OWA through the Safari browser. It appears not to be using the certificates.
  • graphics-guru Level 2 Level 2
    Why log into OWA on the iPhone when ActiveSync uses the OMA connection? (Outlook Mobile Access vs. Outlook Web Access which is a full notebook client)

    We configured our server and then verified everything BEFORE using the iPhone by accessing https:/www.domain.com/OMA from a notebook or desktop. If you receive a login prompt followed by a list of Inbox messages, your server is properly configured. If not, additional server work is needed.

    Then, simply add an Exchange account on the iPhone following the onscreen example for syntax. Note that server path is www.domain.com (path to Exchange server with the word Exchange).
  • graphics-guru Level 2 Level 2
    typo - should have said without the word Exchange
  • SupremeNemesis Level 1 Level 1
    Hey, thanks for the comments. What I was trying to say, is that I have tried using both OMA and OWA without success on the iPhone. Even in the Dafari browser as it appears not to be trying to use the certificate installed.

    We can and do successfully used OMA and OWA at present - OMA on WM6 devices and Nokia E51s whilst OWA on home connections with the same ID certificates that are installed on the iPhone without success.

    And the iPhone Exchange account won't work, as I cannot even get Safari to access these as it is attempting to an Anonymous login (rather tha the ID certificate) which our ISA server does not allow.
  • SupremeNemesis Level 1 Level 1
  • tokatta Level 3 Level 3
    When you created the PCKS#12 did you create with the full chain? My first suspicion is "unsigned" - this indicates that the phone can't validate what signed this certificate. You may have to import the signing root seperately as I don't know if the iPhone cert store handles chained certs or not.

    Secondly, Safari browser is echoing back the 401 message indicating that the server did not accept your credentials. Many SSL implementations require the client to send the full chain (to the root that signed everything) - it makes no sense when the server should have the root and be able to validate this, but I have run into this before.

    Since this has worked on your WinMO device I would try the following:

    From a desktop PC access your OMA/OWA server - hopefully you have the PFX installed on a desktop
    Click on the SSL lock icon and view the certificate hierarchy
    Export the root and any intermediate into .CER file
    Import the root and any intermediate CER files into the iPhone

    The first thing that you hopefully will see is that the Profile cert will no longer say unsigned. If it does not, try re-importing it (pfx) AFTER you install the root(s).

    I know that some of this seems un-necessary, but I have done a lot of PKI stuff over the years, but there seems to be very different implementations in key management.

    Hope this helps!