Startcom SSL certificate not working for Exchange 2010 Activesync

Not open for further replies.

Moses Hull

When testing the connection from the system reports back "Validating certificate trust for Windows Mobile devices" failed.
Does Microsoft not support STARTCOM certificates for mobile devices still? This was an issue over 2 years ago but I thought they had fixed it.

ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
Attempting to resolve the host name in DNS.
The host name resolved successfully.
Additional Details
IP addresses returned: xx.xx.xx.xx
Testing TCP port 443 on host to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
Validating the certificate name.
The certificate name was validated successfully.
Additional Details
Host name was found in the Certificate Subject Common name.
Validating certificate trust for Windows Mobile devices.
Certificate trust validation failed.
Additional Details
The certificate chain didn't end in a trusted root. Root = CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Moses Hull of Alexant Systems

Ed Crowley [MVP]

The certificate authority that issued that certificate is not trusted by Is the root certificate installed in the server's root certificate store? Are you using ISA? If so, you'll need to restart the firewall service after installing the root certificate.

Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
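One way to answer the question about the server's root certificate store, as an added example that is not part of the original thread: this PowerShell builds the chain for the server's certificate in machine context and reports whether the root at the end of it is in `LocalMachine\Root`. The host name `mail.example.com` is a placeholder, and the script only covers the server side; the root store on the mobile device is separate.

```powershell
# Added example. 'mail.example.com' is a placeholder host name.
param([string]$HostName = 'mail.example.com')

# Newest certificate in the machine store that has a private key and names the host.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -like "*CN=$HostName*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $HostName with a private key in LocalMachine\My" }

# Build the chain in machine context, as a service on this server would see it.
# Revocation checking is skipped so the result reflects trust only.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

# List the chain from leaf to root and show which machine stores hold each certificate.
$elements = @($chain.ChainElements)
for ($i = 0; $i -lt $elements.Count; $i++) {
    $c = $elements[$i].Certificate
    $stores = @('My', 'CA', 'Root') |
        Where-Object { Test-Path "Cert:\LocalMachine\$_\$($c.Thumbprint)" }
    "{0} {1}" -f $i, $c.Subject
    "    thumbprint {0}, machine stores: {1}" -f $c.Thumbprint, ($stores -join ', ')
}

# The last element is the root only if the chain is complete (self-signed certificate).
$last = $elements[$elements.Count - 1].Certificate
$selfSigned = $last.Subject -eq $last.Issuer
$inRoot = Test-Path "Cert:\LocalMachine\Root\$($last.Thumbprint)"

if ($trusted) {
    "OK: chain ends in a root trusted by this server."
} elseif (-not $selfSigned) {
    "FAIL: chain is incomplete; missing issuer: $($last.Issuer)"
} elseif (-not $inRoot) {
    "FAIL: root is not in LocalMachine\Root: $($last.Subject)"
} else {
    "FAIL: see chain status below."
}

# Per-flag detail from the chain engine (for example UntrustedRoot or PartialChain).
$chain.ChainStatus | ForEach-Object { "  {0}: {1}" -f $_.Status, $_.StatusInformation.Trim() }
```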

Sembee [MVP]

As far as I am aware, StartCom certificates still aren't supported by most mobile devices. You need support in both locations, on the server and on the device. This is particularly a problem with Windows Mobile devices because of the way that OS updates come from the handset supplier, and not from Microsoft.
Furthermore, all Windows clients need to have downloaded the latest root certificates; again, this is not something that everyone does.

You need to get used to SSL issues with StartCom; they aren't as established as the other main players.


Simon Butler, Exchange MVP
Blog | Exchange Resources