Menu

Configure the Exchange server

To configure the Exchange server for authenticating device users with Exchange ActiveSync, additional configuration needs to be done over enterprise systems for enabling AD Client Certificate Authentication & configuring client certificate mapping.

Enabling AD Client Certificate Authentication (CA)

To enable Certificate Authentication (CA), complete the following steps:

  1. On your enterprise system (Windows Server), click Start > Run.
  2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
    • Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
  3. In the Connections node, select the name of your web server, and then double-click Authentication in the “IIS” section.
  4. Double-click Active Directory Client Certificate Authentication, and then click Enable in the “Actions” window.
NOTE—After enabling Active Directory Client Certificate Authentication, SSL must be enabled to use Active Directory Client Certificate Authentication.

Enabling SSL

To enable SSL, complete the following steps:

  1. On your enterprise system (Windows Server), click Start > Run.
  2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
    • Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
  3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click SSL Settings in the “IIS” section.
  4. Click the check box next to Require SSL, and then click Require under Client certificates.
  5. Click Apply in the “Actions” window.

Configuring client certificate mapping

Configure client certificate mapping after enabling Certificate Authentication and applying SSL.

To configure client certificate mapping, complete the following steps:

  1. On your enterprise system (Windows Server), click Start > Run.
  2. Type inetmgr, and then click OK to open the Internet Information Services (IIS) Manager.
    • Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
  3. In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click Configuration Editor in the “IIS” section.
  4. From the Section drop-down menu, navigate to system.webServer/security/authentication.
  5. Select True in the “enabled” section, and then click Apply in the “Actions” window.