04-28-2013 04:10 PM
We cannot get the Z10 to do ActiveSync with our Exchange 2010 server. We know for a fact that ActiveSync works with our Exchange server, because we have an iPhone that syncs correctly, and because Microsoft's online Exchange testing tool also confirms that our test account can be accessed.
Also, I used network monitoring software to look at the actual network traffic, and I can see TLS packets being exchanged - however with the Z10, that's where it stops: when connecting from MS' test tool, the TLS setup is followed by HTTP traffic, which is not the case when the Z10 tries to connect - traffic stops after that point.
This leads me to believe that the Z10 is refusing our server's certificate, which would be logical, as that certificate is merely a self-signed one (it would be real nice though if the Z10 actually *told* me that this is indeed the reason).
Operating from that guess, I tried to install our self-signed certificate onto the Z10 device, but without success. I exported our certificate to a .pfx file and moved it to the "certs" folder on the device, then proceeded to the "Import certificates" section of the security settings (translating these names back from the French UI) . I tried both the "Personal certificate authority" and the "Personal Client " classes, but even though the Z10 makes me type in the certificate's (mandatory) password, the import fails with the red "X" icon and the message "0 certificates imported out of 1".
This problem has cost us hours of our time at this point, so a pointer in the right direction would be *much* appreciated.
Solved! Go to Solution.
04-28-2013 05:53 PM
04-28-2013 06:44 PM
That being said, why don't you buy a cheap certificate issued by a CA recognised by the Z10?
That is certainly a possibility, but let me get the facts straight first...
if you want to import something on your Z10, it is not the certificate you want to import, but rather the certificate that authenticates your certificate.
The support article I was basing my attempt on *did* mention that I should export two certificates... But I have no idea what that "parent" certificate is! I created the self-signed certificate quite some time ago as part of setting up Exchange 2010 (at least I think that's how it happened), and I wasn't aware this self-signed certificate was authenticated by another.
How do I find out which certificate I need to transfer onto the Z10?
04-29-2013 01:40 AM
04-29-2013 04:20 AM - edited 04-29-2013 04:22 AM
Hi Xandrex, thanks again.
I'm not insisting on using a self-signed certificate at all. I'd just like to have your opinion before purchasing a real certificate: do you think that this certificate issue is indeed what's preventing the https connection?
04-29-2013 12:26 PM
I'm rockin the BlackBerry PRIV, Passport, Z30, Z10, Q10, BlackBerry Mini Stereo Speaker, 64 gig PlayBook,BT Headset HS-700
04-29-2013 12:54 PM
device will need root cert installed prior and possible a user cert too depending on environment
if you dont want to install root certs, use verisign, godaddy etc, to get one
I used Godaddy multi cert as you need one for EAS, OWA, discover, FQDN
BESAdmin's, please make a signature with your BES environment info.
BES 12 and BES 5.0.4 with Exchange 2010 and SQL 2012 Hyper V
05-03-2013 05:59 PM - edited 05-03-2013 06:00 PM
Thanks to the responders!
I got a cheap certificate and installed it on the server. This solved the problem.
Conclusion: there is a problem with installing certificates on the device itself (which could probably be solved), but installing a real certificate on the server does the job nicely.