1 Reply Latest reply: Jul 18, 2012 9:59 AM by romkus
romkus Level 1 (0 points)

We are trying to set up ActiveSync with certificate-based authentication against Exchange 2010 SP2, but with no luck.

 

What has been done so far:

 

  1. OWA over HTTPS works fine. A public, trusted certificate is in place.
  2. Set up ActiveSync against this Exchange server: works fine, using user name/password.
  3. Issued a user cert, signed with an internal CA; the CA cert was successfully imported into all client devices.
  4. Created a new OWA site with cert-based authentication (just to make sure it works), imported the user certificate into a Mac, visited this OWA site: cert-based authentication works fine.
  5. Now, with the configuration utility, created a configuration profile with that user cert and an ActiveSync account, left the password blank and chose the imported cert (p12) as the authentication means.

 

After installing that last profile, the device keeps asking for a password and refuses to synchronize. Logs on the server show error 401.2, so I assume the iPhone is ignoring the cert and is trying to use password authentication instead.

 

The devices tested were an iPhone 3G with iOS 4 and an iPad 2 with iOS 5.

 

Any help will be greatly appreciated.

 

Roman.


iPad, iOS 5, also iPhone 3G
  • romkus Level 1 (0 points)

    No one with this experience?

     

    We've done some network analysis (as much as was possible to decrypt) and could see that the server sends an SSL alert (rejection?) to the client after the client presents the certificate.

     

    That explains why the client falls back to password authentication, but it does not tell us why the server rejects the cert (which is accepted perfectly when accessed from a browser) in the first place.
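
An SSL/TLS alert such as the one seen in the capture above carries a one-byte level and a one-byte description (RFC 5246, section 7.2) when it is sent unencrypted, and that description is what distinguishes, for example, an untrusted issuer from an expired certificate. The following is an added example, not part of the original thread: it walks the TLS records in a raw server-to-client byte stream and decodes any alerts, flagging those that are already encrypted and cannot be read. The function name `parse_alerts` and the sample bytes are constructed for illustration.

```python
import struct

# Alert descriptions from RFC 5246, section 7.2
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 100: "no_renegotiation",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
CONTENT_TYPE_ALERT = 21  # TLS record content type for alerts


def parse_alerts(stream: bytes):
    """Walk the TLS records in a byte stream and return the alerts found."""
    alerts, offset = [], 0
    while offset + 5 <= len(stream):
        # Record header: content type, version major/minor, payload length
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) < length:
            break  # capture ends in the middle of a record
        if ctype == CONTENT_TYPE_ALERT:
            # A plaintext alert is exactly two bytes; anything longer was
            # sent after ChangeCipherSpec and is encrypted.
            if length == 2 and body[0] in ALERT_LEVELS:
                name = ALERT_DESCRIPTIONS.get(body[1], "unknown(%d)" % body[1])
                alerts.append({"version": (major, minor), "encrypted": False,
                               "level": ALERT_LEVELS[body[0]], "description": name})
            else:
                alerts.append({"version": (major, minor), "encrypted": True,
                               "level": None, "description": None})
        offset += 5 + length
    return alerts


# Constructed sample: a dummy handshake record, a plaintext fatal alert
# (description 48), and an alert record with a 24-byte encrypted payload.
SAMPLE_STREAM = (b"\x16\x03\x01\x00\x04\x0e\x00\x00\x00"
                 b"\x15\x03\x01\x00\x02\x02\x30"
                 b"\x15\x03\x01\x00\x18" + b"\xaa" * 24)

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_STREAM):
        print(alert)
```
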