Exchange 2K7, WM6, ActiveSync, my Orbit and SSL!!!

Guys I really need some help here please.

I have an externally hosted domain at divtag.net which runs a number of things for me and will eventually have a site back on it. I need this hosted somewhere reliable and fast so running it off the server at home is a no go.

I also have in my house an AD called divtag.net (an A record pointed at the ISP’s IP so I can view the site from my own network); within this runs Exchange 2007. Because this runs connected to a standard home user NTL BB subscription I also have a dynamic IP and therefore use dyndns to point at my kit at home.

So OWA address for my home stuff is https://divtag.homeip.net/owa. When browsing to here you get an SSL error because the divtag.homeip.net name is different from that which issued the cert.

I can live with the above but I’m assuming this is also the cause of my not being able to get my WM6 XDA Orbit to talk to Exchange? It’s set to point to divtag.homeip.net but I always just get the 0x80072F17 error. The XDA has the cert from the CA on the internal network but I guess because the name is different it’s never going to work?

So can I use my CA to create an SSL cert that’s from divtag.homeip.net? I’d need to assign this to the OWA site I guess? Dyndns say that I should use my own cert rather than getting one from them.

I’m a complete numpty with SSL certs. I’ve never understood them (or really tried) so apologies if this is all sounding a bit dumb. I really need someone to take me through it step by step.
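The name mismatch described in the post above (a cert issued to the internal name divtag.net being presented under divtag.homeip.net) can be checked explicitly; this is an added example, not code from the thread, and the certificate dictionary, the CA file path and the host names it tests are constructed for illustration. The dictionary has the same shape that Python's `getpeercert()` returns, so `fetch_peer_cert()` can be pointed at the real OWA host with the internal CA's PEM file to get live data.

```python
import socket
import ssl

# Constructed sample: what getpeercert() would return for a cert the internal CA
# issued to the AD/Exchange name, with no SAN entry for the dyndns name.
INTERNAL_CERT = {
    "subject": ((("commonName", "divtag.net"),),),
    "subjectAltName": (("DNS", "divtag.net"), ("DNS", "mail.divtag.net")),
}


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: exact name, or a single leftmost '*' label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    # A wildcard covers exactly one label: *.divtag.net matches owa.divtag.net,
    # but neither a.b.divtag.net nor the bare divtag.net.
    suffix = pattern[1:]
    return hostname.endswith(suffix) and "." not in hostname[: -len(suffix)]


def cert_names(cert: dict) -> list:
    """Names a client will accept: SAN dNSName entries if present, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if the handset/browser would accept this cert for that host name."""
    return any(_label_matches(name, hostname) for name in cert_names(cert))


def fetch_peer_cert(host: str, cafile: str, port: int = 443) -> dict:
    """Connect trusting the internal CA (as the Orbit does) but with the built-in
    hostname check disabled, so the mismatch is reported by hostname_matches()
    instead of being raised as an SSLError. cafile is a hypothetical path."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # verify_mode stays CERT_REQUIRED, so the dict is populated
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name in ("divtag.net", "divtag.homeip.net"):
        print(name, "->", "OK" if hostname_matches(INTERNAL_CERT, name) else "NAME MISMATCH")
```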

Use stunnel in front of the service to get the certs to work. stunnel almost acts like a proxy, but with SSL auth working.

It goes something like this:

Connect to https://divtag.homeip.net/owa

stunnel has the 443 socket open, does the SSL handshake and then essentially passes the request to the real address.

So, for example, I have stunnel running on port X for VNC in client-server mode. So my client MUST know the key to connect; stunnel does the auth with the client and then passes the packets to the real port.

I think that’s what you are asking for - but not 100% sure.

DT.

Had a few problems setting up SSL between my iPhone and Exchange myself recently. Have you got port 993 open on your Exchange server and router?

Excuse me if I’m talking crap but hey… I’m back on the beer again after 10 months :cheers: