Running Exchange Server and synchronizing it with your Windows Phone 7.x or Windows Phone 8.x is no problem if you are using an official external IP and, more importantly, a public and trusted SSL certificate.
But what if you run your Exchange Server in a private, SOHO or SMB environment where neither such an SSL certificate nor an external IP is really practical, and all you have is something like a cable, DSL or other Internet connection paired with DynDNS?
Well, it is "quite easy"! I am going to explain briefly, using Exchange Server 2013 as the example, how to handle the issue:
Preliminaries
- You have already set up the client access preliminaries, e.g. external addresses in your DynDNS, firewall settings, internal and external DNS (if NAT traversal doesn't work).
- In your Exchange server, all settings needed for external client access are already made, e.g. the external (DynDNS) domain for OWA etc. is already set up.
The final step:
- Open https://yourexchangeclientsideurl/ecp and log in
- Click on 'servers' on the left navigation pane
- From the horizontal navigation, choose 'certificates' and then, under select servers, pick the server you use for client access.
- Now, click on the + symbol and create a NEW certificate.
- Choose "Create a self-signed certificate"
- The 'friendly' name can be whatever helps you to identify the certificate later on.
- Add the server(s) you want to apply the certificate to.
- You must add the external address to all needed Access forms
- You can now add additional domains if you are missing one that should be used in the certificate as well (which shouldn't be the case at this point, however)
- Click finish.
- Now, on your Client Access Server, open the Certificate Manager (for your Local Computer)
- Go to Personal - Certificates
- Right-click on the certificate you use for your external (DynDNS) address and click All Tasks - Export... on the context menu
- Don't export the private key - we don't need it for our purpose
- Choose DER encoded binary X.509 (.CER) as the format of the certificate to be exported
- Use a file name that helps you (again) to find the certificate. I personally recommend storing the certificate on a network location that is read-only accessible by all users within the domain so that they can mail themselves the correct certificate. This helps you reduce admin costs and, in a private household, simplifies attaching further devices.
- Now, send yourself the certificate - of course you need to send it to a mail account that is accessible by your Windows Phone ;o)
- Open the email on your mobile device, download the certificate and open it.
- Install the certificate
- Now, if your Exchange environment was correctly installed, you can synchronize your mobile phone with your server.
- To verify whether the phone got through to your account, open https://yourexchangeclientsideurl/owa and log in.
- Go to Settings - Options and then, on the left pane, choose phone. Besides your potentially already connected Outlook client(s), you should find your phone here as well.
Note: This will happen (long) before your phone moves from the 'Syncing...' notification to a sync or error notification.
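The export steps above (Personal - Certificates, no private key, DER encoded .CER) can also be scripted on the Client Access Server. The following PowerShell is an added example, not part of the original post; the host name and output path are placeholders, and it additionally confirms that the exported file carries no private key and matches the certificate in the store.

```powershell
# Added example. Placeholders (assumptions, not values from the original post):
$ExternalName = 'mail.example.dyndns.org'        # your external (DynDNS) host name
$OutFile      = 'C:\Temp\exchange-external.cer'  # existing folder to write the public certificate to

$sanOid = '2.5.29.17'   # OID of the Subject Alternative Name extension

# Local Computer > Personal > Certificates: unexpired certificates whose subject
# or SAN contains the external name; take the most recently issued one.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object {
        $san   = $_.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
        $names = $_.Subject
        if ($san) { $names += ' ' + $san.Format($false) }
        ($names -like "*$ExternalName*") -and ($_.NotAfter -gt (Get-Date))
    } |
    Sort-Object NotBefore -Descending |
    Select-Object -First 1

if (-not $cert) {
    throw "No unexpired certificate for $ExternalName found in LocalMachine\My"
}

# X509ContentType 'Cert' is the DER-encoded certificate only; no private key is written.
$der = $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($OutFile, $der)

# Re-read the file that will be mailed and check it before handing it out.
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $OutFile
if ($exported.HasPrivateKey) {
    throw "Exported file unexpectedly contains a private key: $OutFile"
}
if ($exported.Thumbprint -ne $cert.Thumbprint) {
    throw "Exported file does not match the certificate in the store"
}

# Details to note down for the certificate that was exported.
$exported | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey | Format-List
```

The thumbprint it prints identifies the certificate, so a copy received by mail or taken from the share can be checked against it.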
If, for whatever reason, there are problems, you can first try to verify that everything is fine using a mobile phone with Android or iOS. Neither cares about non-trusted SSL certificates, and both will connect via (Active-/)Exchange-Sync if everything else is correct. The iOS client is, by the way, the ideal client to test with since it is less unstable than the Android client (at the time I write this).
Well, I hope this little explanation was helpful, let me know your thoughts.