So you have two certs for the SA, correct? One for normal access, ie. secure.domain.com, and another for activesync, activesync.domain.com? Is this a wildcard cert? What version of Windows Mobile are you running? Windows Mobile 5 and below don't support wildcard certs.
Also, I wonder if the Verisign Trial certs use a different root CA that might not be trusted on your phone. Just a guess.
They're single certs for normal and for ActiveSync (like your example: one for normal access, i.e. secure.domain.com, and another for activesync, activesync.domain.com). No wildcard certs. We're running WM 5/6 (multiple phones), and iPhones (the main driving force behind this implementation). We're using the Verisign Trial Cert, which requires a Verisign Trial CA to be added (which the phones don't seem to like).
I did, however, try the trick of unchecking SSL required and once I did that, the cert issue cleared up (so now I'm not sure if I'm encrypted or not at that point, but thinking not), instead now I get server not found (Error code: 0x80072F78).
Again, I appreciate your help.
I spoke with JTAC, and the only way to do the self-signed cert is by resetting the configs (which I did) and using the self-signed cert. I then imported the system/user configs minus the certs, and then manually installed the certs again (from configs), so it wouldn't overwrite the new self-signed cert. Once I did that, I was able to download the self-signed cert, and the phones now work; the iPhone shows a warning, you choose to accept the cert, and then it lets ActiveSync work.
Thanks again for your help privatepile.
It works but I have a problem understanding the security implications.
The instructions say "No Authorization" for the reverse proxy.
In my understanding that basically means that your whole internal IIS Default Web site is now exposed to the Internet.
You basically send all requests directed at the reverse proxy name unfiltered/unauthenticated to the backend server.
I would prefer e.g. a certificate authentication at the IVE as a first line of defense. Is that possible? Getting a certificate onto the iPhone doesn't seem to be too hard.
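The concern above (a "No Authorization" reverse proxy passing every request through to the backend IIS site) can be checked from the outside. The script below is an added example, not part of this thread or of the IVE product; it assumes the only path that should be published is the ActiveSync virtual directory at /Microsoft-Server-ActiveSync and treats any other path that answers 2xx/3xx through the proxy as evidence that more of the Default Web Site is reachable than intended. The hostname and the sample result set are constructed.

```python
"""Added example: classify what an ActiveSync reverse proxy actually publishes.

Assumptions (not stated in the thread):
  - the only path meant to be reachable through the proxy is
    /Microsoft-Server-ActiveSync
  - 2xx/3xx on any other path = that part of the backend site is exposed
  - 401 = backend reachable but challenging for credentials ("challenged")
  - 403/404/no answer = the proxy refused or does not know the path ("blocked")
"""
import urllib.error
import urllib.request

# Path assumed to be the one intentionally published through the proxy.
ALLOWED_PREFIXES = ("/Microsoft-Server-ActiveSync",)

# Control paths that an ActiveSync-only proxy should NOT pass through.
CONTROL_PATHS = ["/", "/owa/", "/exchange/", "/iisstart.htm"]


def classify(path, status):
    """Return 'expected', 'exposed', 'challenged' or 'blocked' for one path."""
    if any(path.lower().startswith(p.lower()) for p in ALLOWED_PREFIXES):
        return "expected"
    if status is None or status in (403, 404):
        return "blocked"
    if status == 401:
        return "challenged"
    if 200 <= status < 400:
        return "exposed"
    return "blocked"


def assess(results):
    """results: {path: HTTP status or None}. Returns the exposed paths, sorted."""
    return sorted(p for p, s in results.items() if classify(p, s) == "exposed")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Keep 3xx as-is instead of following it; a redirect still proves the path passes."""

    def redirect_request(self, *args, **kwargs):
        return None


def probe(base_url, paths, timeout=5):
    """Live check: GET each path through the proxy and record the status code."""
    opener = urllib.request.build_opener(_NoRedirect)
    out = {}
    for p in paths:
        req = urllib.request.Request(base_url.rstrip("/") + p, method="GET")
        try:
            with opener.open(req, timeout=timeout) as resp:
                out[p] = resp.status
        except urllib.error.HTTPError as e:
            out[p] = e.code  # 3xx/4xx/5xx all land here with redirects disabled
        except urllib.error.URLError:
            out[p] = None  # refused, timed out, or TLS trust failure
    return out


if __name__ == "__main__":
    # Constructed sample standing in for probe("https://async.company.com", CONTROL_PATHS + list(ALLOWED_PREFIXES))
    sample = {
        "/Microsoft-Server-ActiveSync": 401,
        "/": 200,
        "/owa/": 404,
        "/exchange/": 302,
    }
    for path, status in sample.items():
        print(f"{path:32} {status!s:5} {classify(path, status)}")
    print("exposed:", assess(sample))  # ['/', '/exchange/']
```

Run `probe()` against the published hostname with a client that trusts the certificate in use; with a self-signed cert and default Python trust settings every request fails TLS verification and is reported as "blocked", which would hide a real exposure. A clean result is every control path in "blocked" and only the ActiveSync path answering.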
Go to Settings/Mail,Contacts,Calendars
Accounts --> Add Account
external hostname of activesync virtual port (async.company.com)