I had a Windows Server SBS 2003 w/SP2 box with Exchange 2003 SP2 installed. The certificate on IIS was expired, but it pointed to servername.local. The internal domain name meant that I needed to use a dynamic DNS address for external access and also allow webserver/SSL ports through the company firewall. That part was easy, but the connection didn’t work.
I was trying to connect a Windows 8 phone to the Exchange server, but it failed because the certificate name didn’t match. I was using a dynamic DNS address such as example.dyndns.org to attach to the server remotely. https://www.testexchangeconnectivity.com/ told me the problem lay in the certificate file.
My problem: I wanted to set up the company IIS/Exchange server to allow the remote connection from a Windows 8 phone to the Exchange server, which wasn’t going to work with a mismatched SSL certificate.
Turns out the solution involves a number of steps:
- Re-run the Connect To The Internet Wizard and change nothing until you get to the certificate part, then generate a new certificate using the dynamic FQDN (which I hope you have set up, e.g., yourname.dyndns.org) and finish the wizard.
- Export the key from IIS (right-click Default Web Site > Properties > Directory Security > View Certificate > Details > Copy to File). Make sure you choose to export the private key, because you’ll need the .PFX file that it generates.
- Install the key on your phone. On a Windows 8 phone I simply emailed it to the phone and then opened it as an attachment. On Android I copied it via USB and installed it via the Account screen for the account in question and then selected it.
- If you’re using a Windows 8 phone, make sure the account doesn’t exist, then reboot the phone after the cert is installed.
- Add the account and if you use the correct settings, it will work.
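
The name and expiry problems described above can be checked before touching the phone. The following is an added example, not part of the original post: it applies the client-side name and validity checks to a certificate in the dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`. The two sample certificates and all dates are constructed; only the host names `servername.local` and `example.dyndns.org` come from the post.

```python
import ssl
import time

def cert_names(cert):
    """DNS names a client accepts: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one label, never several.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(cert, host, now=None):
    """Return the list of reasons a client would reject this cert for this host."""
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(n, host) for n in cert_names(cert)):
        problems.append("name mismatch")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    return problems

# Constructed sample data (dates are invented for the example).
OLD_CERT = {"subject": ((("commonName", "servername.local"),),),
            "notBefore": "Jun  1 00:00:00 2007 GMT",
            "notAfter": "Jun  1 00:00:00 2012 GMT"}
NEW_CERT = {"subject": ((("commonName", "example.dyndns.org"),),),
            "notBefore": "Jan  1 00:00:00 2013 GMT",
            "notAfter": "Jan  1 00:00:00 2018 GMT"}
NOW = ssl.cert_time_to_seconds("Jun  1 00:00:00 2013 GMT")

if __name__ == "__main__":
    for label, cert in (("old", OLD_CERT), ("new", NEW_CERT)):
        print(label, diagnose(cert, "example.dyndns.org", NOW) or "ok")
```

This covers name and validity period only; whether the phone trusts the issuer is a separate check.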