Error message 1
Error message 2
Windows Mobile-based devices do not generally contain intermediate CA certificates in their certificate store. Internet Information Services (IIS) sends the whole certificate chain to the device. However, IIS does this only if it can verify the whole chain. By default, the device does not contain these certificates. Therefore, the server must send them. The device must contain only the root certificate in its certificate store.
Frequently, this issue occurs with GoDaddy certificates because either the root CA certificate or the intermediate CA certificate is missing from the certificate store on the server that is running Windows Server 2003. For more information, visit the following website:
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
Note To obtain the information about the certificate that you are using, type the Microsoft Office Outlook Web Access URL for the server into the address bar for Windows Internet Explorer, and then click the lock icon. You may have to export one or more of the certificates in the “Certification Path” to complete the remaining steps. Additionally, you may be able to obtain these files and more specific instructions from your certificate vendor.
Method 1: Use a Group Policy configurationUse a Group Policy configuration to distribute certificates that will be trusted by all member computers of the domain. For more information about how to add a trusted root CA to a Group Policy Object (GPO), visit the following Microsoft website:
Method 2: Manually install certificates on Exchange Server
- Use an account that has Domain Administrator credentials to log on to the Exchange Server that is used for Outlook Web Access. Frequently, this server will be the front-end server.
- Click Start, click Run, type mmc.exe, and then click
- On the File menu, click Add/Remove Snap-in.
- Click Add.
- Click Certificates, and then click
- Click My user account, and then click
- Click Add, click Computer account, click Next, and then click
- Click Close, and then click
OK. The list of certificate categories for the local computer appears in the snap-in window.
- Expand Certificates - Current User, right-click Intermediate Certification Authorities, point to
All Tasks, and then click Import.
- Verify that all certificates in the chain are in the
Intermediate Certification Authorities container. Also verify that no certificates are disabled or expired.
- If a certificate is missing, point to All Tasks, and then click Import. Use the wizard to import the file that you obtained from your CA.
- Expand Certificates - Local Computer, right-click Intermediate Certification Authorities, point to
All Tasks, and then click Import.
- Use the wizard to import the file that you obtained from your CA.
Note The root certificate will be in the Third Party Root Certification Authorities container instead of in the
Intermediate Certification Authorities container.
- Repeat steps 9 through 13 for the trusted root CA certificate.
- Restart the IIS service for the changes to take effect.
- Make sure that the certificates are installed for the local computer account.
- The certificates do not have to be installed on the device if the certificates are installed on the servers with which you are synchronizing.
- You can use the SSLChainSaver utility to determine which certificates are missing.
For more information about the SSLChainSaver utility, visit the following Microsoft website:
The information and the solution in this document represents the current view of Microsoft Corporation on these issues as of the date of publication. This solution is available through Microsoft or through a third-party provider. Microsoft does not specifically recommend any third-party provider or third-party solution that this article might describe. There might also be other third-party providers or third-party solutions that this article does not describe. Because Microsoft must respond to changing market conditions, this information should not be interpreted to be a commitment by Microsoft. Microsoft cannot guarantee or endorse the accuracy of any information or of any solution that is presented by Microsoft or by any mentioned third-party provider.
Microsoft makes no warranties and excludes all representations, warranties, and conditions whether express, implied, or statutory. These include but are not limited to representations, warranties, or conditions of title, non-infringement, satisfactory condition, merchantability, and fitness for a particular purpose, with regard to any service, solution, product, or any other materials or information. In no event will Microsoft be liable for any third-party solution that this article mentions.
Visit our Windows Phone Forums for more helpful hints and ideas.
Article ID: 927465 - Last Review: Nov 1, 2011 - Revision: 1