Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: romkus
romkus Author
User level: Level 1
0 points

ActiveSync with Certificate-Based Authentication

We are trying to setup ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.


What has been done so far:


  1. OWA over https works fine. A public, trusted certificate is in place.
  2. Setup ActiveSync against this Exchange server: works fine, using user name/password.
  3. Issued a user cert, signed with an internal CA, CA-cert successfully imported into al client devices.
  4. Created a new OWA-site with cert-based authentication (just to make sure it works), imported user certificate into a mac, visit this OWA site - cert-based authentication works fine.
  5. Now, with the configuration utility, created configuration profile with that user cert and an ActiveSync account, left password blank and chose the imported cert (p12) as authentication means.


After installing that last profile the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume iPhone is ignoring the cert and is trying to use password-authentication instead.


The devices tested were iPhone 3G with IOS 4 and iPad 2 with IOS 5.


Any help will be greatly appreciated.


Roman.

iPad, iOS 5, also iPhone 3G

Posted on Jul 15, 2012 3:53 PM

Reply
1 reply
User profile for user: romkus
romkus Author
User level: Level 1
0 points

Jul 18, 2012 9:59 AM in response to romkus

No-one with this experience?


We've done some network analysis (as much as was possible to decrypt) and could see, that the server sends an SSL-Alert (rejection?) to the client after the client presents the certificate.


That explains why the client falls back to password-authentication, but it does not tell us why the server rejects the cert (that is accepted perfectly when accessed from a browser) in first place.

Reply

ActiveSync with Certificate-Based Authentication

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up