ActiveSync Tester Diagnostic

Diagnosis - ActiveSync is available but the certificate is not valid for the requested usage.
The Exchange server is correctly setup for mobile email. However the digital certificate on the Exchange server will not be accepted by a mobile handset as the certificate is not appropriate for a server establishing SSL connections. The certificate on the server was created for a purpose other than establishing SSL connections (e.g. device authentication).

Solution #1 - Use AccessMyLan
You can avoid having to purchase and configure digital certificates on your Exchange server and handsets by using AccessMyLan to secure all communications between your mobile handsets and your Exchange server. The AccessMyLan service also removes the need to reconfigure your firewall to allow connections from the Internet to your Exchange server.
Enable secure ActiveSync now by taking the AccessMyLan Free Trial ».

Solution #2 - Fix Certificate Problems
Digital Certificates are used to establish secure communications between systems on the Internet. A digital certificate deployed on a server is used by clients to validate the identity of the server and also to establish secure communications between the client and the server.

Click on the View Certificate button in the ActiveSync Tester results screen to view the certificate presented by the server and why the certificate is causing an issue. (This feature is not available on iOS.)

  • If the certificate is not trusted, you should either purchase a certificate from a Certification Authority (CA) trusted by your ActiveSync device or install the root certificate of the issuing Certification Authority on the device.
  • If the certificate is not valid for the requested usage, a server SSL certificate must be installed on the server.
  • If the certificate is self-signed, you will need to install the certificate as a trusted root on the device or purchase a certificate from a trusted CA.
  • If the certificate has expired and the date and time on your device is set correctly, you will need to renew the certificate or purchase a certificate from a trusted CA.
  • If the certificate revocation list (CRL) distribution point is not accessible, you need to either make the distribution point accessible (possibly by opening ports on your firewall) or deploy a new certificate without CRL issues on the server.

For more information on AccessMyLan and ActiveSync, consult the AccessMyLan Knowledge Base »

Disclaimer: All diagnostic and resolution information and associated links are provided as-is and AccessMyLan accept no repsonsibility for the accuracy or validity of any actions proposed. While feedback and suggestions are appreciated, we can not provide assistance to resolve generic ActiveSync configuration issues.