Had some Palm Pre phones come into work today, and had to set them up to the Exchange 2003 server. As with other Palm devices and such that use OWA (Outlook Web Access) and EAS (Exchange Active Sync) we need to export our CA Root Certificate to the phone and install it to the Cert Store. This seems to be a huge problem for some people, so maybe this guide will help you out.
First, you need to make sure the IIS Web Server that you connect to using the phone or web browser has a SSL certificate that has the correct CN (Common Name) of the server. This is very important. If you are connecting to say; https://mail.server.com on the phone the CN of the web server certificate must be mail.server.com
The server at work did not have this for some reason, so in the IIS System Manager open SERVER (local computer) and Websites, right click on Default Web Site and click on Properties. Make sure you have 443 in the SSL port on this page, and then click on Advanced. Make sure under ‘Multiple SSL identities for this web site’ you have a Default with SSL port 443. Click OK if you added it, if you have it cancel out of it.
Click on the Directory Security tab.
Now click on View Certificate if you have the ability to (the server already has a certificate installed). Click on the Certification Path tab at the top and you should have a certificate at the top with the CA name, and one under it, this should be the CN of this web server.
If you cannot click on the View Certificate button you need to have this server request one from the available CA server on your network. When you are asked for the CN make sure it is the external FQDN of this server, not just the hostname.
Now once that’s done, you should have an Edit button under the View Certificate button, click Edit and at the top make sure you have ‘Require secure channel (SSL)’ unchecked. You will use SSL yes, but if you have only one Exchange server on your network you cannot have a Front-end and Back-end server setup and need this unchecked for Exchange to communicate with IIS and such on the server itself. We will be using our self-signed certificate for SSL communications from the Palm Pre to the IIS Server over the Internet.
Click OK at the bottom and your done here. Open the Exchange System Manager. Open up Global Settings and then right click on Mobile Services and choose Properties. On this first page, I have (by default it seems) everything at the top checked. At the bottom I checked Enable Outlook Mobile Access and Enable unsupported devices, and clicked OK. This is up to you, not sure if you need the unsupported devices checked, but it seems to work fine.
Some people talk about it not working with Forms Based Authentication. I do not use this at home, but we do at work, and it does not make a difference in either case.
We should be done on the server end. On your workstation, you should be able to connect to https://exchange-server-fqdn/exchange and get your login page, or popup for login, or if you use Internet Explorer you might get a transparent login to the Outlook Web Access. In Internet Explorer at the right of the address bar you should have a SSL Lock icon, either in green or red depending if you installed your self-signed certificate on the local machine. Left click on this and choose View Certificates.
At the top click on the Certification Path and here you should have two lines of certificates. At the top, the root certificate under that, the CN of this web server running Outlook Web Access. Click on the top Root Server CA certificate and click on View Certificate near the bottom of this dialog. At the top of the new dialog, click on Details, then at the bottom click on Copy to File.
In the wizard click on Next, then Next again. Browse to a location you can remember, the desktop is fine, and type in a file name and click Save. Click Next in the wizard then Finish. It will say the export was successful. Click OK to close all the dialogs and you can close Internet Explorer.
Connect your Pre via USB and set it to USB File Mode. Copy the certificate to your phone and use the Certificate Manager to install the certificate. You should be able to setup your Exchange account on the phone now.
Once everything is up and running, you can get the Microsoft Exchange Server ActiveSync Web Administration Tool and install it on your server to get a few administrative functions for Mobile Devices.