Configure the Exchange server
Last updated July 26th, 2023
To configure the Exchange server for authenticating device users with Exchange ActiveSync, additional configuration needs to be done over enterprise systems for enabling AD Client Certificate Authentication & configuring client certificate mapping.
Enabling AD Client Certificate Authentication (CA)
To enable Certificate Authentication (CA), complete the following steps:
-
On your enterprise system (Windows Server), click Start > Run.
-
Type
inetmgr
, and then click OK to open the Internet Information Services (IIS) Manager.- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
-
In the Connections node, select the name of your web server, and then double-click Authentication in the IIS section.
-
Double-click Active Directory Client Certificate Authentication, and then click Enable in the Actions window.
After enabling Active Directory Client Certificate Authentication, SSL must be enabled to use Active Directory Client Certificate Authentication.
Enabling SSL
To enable SSL, complete the following steps:
-
On your enterprise system (Windows Server), click Start > Run.
-
Type
inetmgr
, and then click OK to open the Internet Information Services (IIS) Manager.- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
-
In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click SSL Settings in the IIS section.
-
Click the check box next to Require SSL, and then click Require under Client certificates.
-
Click Apply in the Actions window.
Configuring client certificate mapping
Configure client certificate mapping after enabling Certificate Authentication and applying SSL.
To configure client certificate mapping, complete the following steps:
-
On your enterprise system (Windows Server), click Start > Run.
-
Type
inetmgr
, and then click OK to open the Internet Information Services (IIS) Manager.- Alternately, on your desktop, you can click Start > Programs or All Programs > Administrative Tools > Internet Information Services (IIS) Manager to open the Internet Information Services (IIS) Manager.
-
In the Connections node, select Microsoft-Server-ActiveSync under Default Web Site, and then double-click Configuration Editor in the IIS section.
-
From the Section drop-down menu, navigate to system.webServer/security/authentication.
-
Select True in the enabled section, and then click Apply in the Actions window.
On this page
Is this page helpful?