I have a customer that still uses Blackberry phone with their SBS 2011 server with Exchange 2010. Their previous BlackBerry 10 connected up with no problems to Exchange and ActiveSync several years ago. The owner recently replaced his BB10 with a newer BB Priv.
When he went to configure his new phone to Exchange, however, it was asking him to install a SSL security certificate, which the previous phone did not require.
Listed below are the steps we took to get his phone connected to Exchange.
Two things to note before we begin:
- The person with the phone needs to setup up an alternate email (such as GMail) on the phone before proceeding. The reason will become obvious below.
- You need access to the SBS/Exchange server to export the SSL certificate, and then email the exported certificate file to the user
So, let’s get started
Part 1 – From the SBS/Exchange Server, create an exported PFX certificate file
- From the server, open up MMC from an administrator level command prompt
- Select to load the Certificates snap-in to the local Computer account.
(Note: if you do not know how to do this process, see this Microsoft article for detail instructions)
- Drill down Certificates –> Personal –> Certificates and locate your SSL certificate from the middle pane
- Right click on the certificate, then select All Tasks –> Export
- Click Next –> Click Yes, export Private Key –> verify PFX format is selected
- Enter a password when prompted (keep it short – very short, like ‘abc’)
- Click browse to assign a filename and select a location to save the exported file
Part 2 – Send PFX file to user’s alternate mail account
- Now, you need to email the PFX certificate file you just created to the user, sending it as an attachment to the user’s alternate email account on his or her phone.
- How you do this is up to you – I’m sure you can figure out this step.
Part 3 – User creates Exchange account and installs SSL certificate on the phone
The following instructions are general in nature, and not specific, because I did not do these steps myself. My customer was able to do it, with just a couple of corrections that I was able to walk him through by phone.
- First, user should open up the Gmail (or other) account on their phone, locate the email you sent them, and select to save (download) the attachment to the phone. Just download the file, do not try to install it.
- Now let’s start creating the Exchange account.
- Select Settings –> Accounts –> Add Accounts –> Exchange
- Enter your email address and password.
- Phone will go out and check things, and should come back asking for more server information.
- For your username: enter DOMAINNAME\USERNAME
- When prompted, select to install a certificate, and located the file you saved.
- For the server name/address, enter the URL you would use to access your OWA account – such as remote.servername.com or mail.servername.com.
- Select SSL/TLS (Accept all certificates)
At this point, it should start setting up your email account. Good luck!