All-in-a-way tracking configure Exchange Actviesync using certificate authentication

The first two paragraphs are crap, please save time for people to bypass.

The work needs to use the Exchange ActiveSync Certificate authentication way, asked the colleague does not have one to do, the company's ActiveSync also only uses the Basic authentication, but is maintained by the foreign colleague. There is no way to have to come, but only in the domestic web site to find a few pieces, not comprehensive also not system, for me such a small white, after watching will only become more and more confused. Microsoft's official website is very comprehensive, but is divided into a number of topics, each function and configuration points have a lot of situations, for what they want to do is difficult to pick out the targeted content, Microsoft's Help document for their products are familiar with the module, see after the can be connected by themselves. I configured myself, found that the pit is still quite a lot, always unsuccessful. What about that?

Also get foreign sites. Found 3 articles on the Exchange certificate verification configuration at a foreign site, configured once, and the ipad will be able to verify the receipt of the email with a certificate. Have to admire the foreign people's professional attitude, written in detail, all-in-one, illustrated, clear, and worth learning. Originally I want to write an article, but considering the time cost problem, since the Daniel already have ready-made, rather carry forward the take doctrine, really put it over, in case of a rainy day. In order not to let the people who search this article too despise, I would like to do a brief summary.

Prepare the knowledge (do not know can Baidu):

1. Microsoft Exchange Server and ActiveSync services.

2. Microsoft Domain (Active Directory) services.

3. Microsoft IIS services.

4. Microsoft three types of authentication methods, Basic, Windows integration, Certificate authentication. There are, of course, other authentication methods, such as Kerberos, that are not in the ActiveSync support range.

5. Digital certificate architecture and certificate format.

6. SSL protocol-use client-side certificates.

7. Build the Microsoft Certificate Server.

8. Mobile Device ActiveSync Client, iOS comes with Exchange and regular mail client, this is enough, if it is Android also comes with.

Once you know this, you can configure it on the server side. Here are a few of the main steps I've summed up (no definite sequencing):

1. Start with an Exchange Server server and an IIS server, and believe that everyone who looks at this article should have it, and generally this environment integrates with the Windows domain.

2. Install the Microsoft Certificate Server, which is used to issue certificates to users and Exchange server.

3. Request and issue certificates for Exchange Server.

4. Configure ActiveSync in Exchange Server to verify that a certificate is required.

5. Open authentication Mapping of the ActiveSync virtual directory in IIS.

6. Request and issue certificates for domain users.

Here are the three articles I found.

The first article is about how to request a certificate for Exchange Server, which is a server certificate for server-side authentication when the client is connected to a service-side connection, which uses the SSL protocol, does it say that the SSL protocol is not used for certificate authentication? SSL protocol is the carrier of the certificate, the certificate is sent through the message of SSL, so no SSL can not transmit the certificate. When requesting an Exchange Server certificate, it is important to note that the certificate's subject name must contain the full domain name of the server you are using (such as www.exchange.com) or a wildcard domain name (*. exchange.com), otherwise the validation will be problematic.

The second article focuses on how to set up authentication methods for using certificates for Exchange ActiveSync Services. In addition to the optional steps, others are necessary.

The third chapter is mainly about

This article is from the "Collect Tile hing ge" blog, please make sure to keep this source http://ponyjia.blog.51cto.com/917324/1619932

All-in-a-way tracking configure Exchange Actviesync using certificate authentication