KB19325 - How to configure Pulse Connect Secure to perform an additional check for a client certificate for ActiveSync connections on an iPhone


Information

 
Last Modified Date: 8/2/2015 8:08 PM
Synopsis

This article shows how to configure Pulse Connect Secure to perform an additional check for a client certificate for ActiveSync connections on an iPhone before providing username/password credentials to the ActiveSync server.

Solution

Note

  • Certificate authentication to an ActiveSync server is not supported. In the following scenario, the initial connection to the Pulse Connect Secure gateway requires a client certificate. If that check succeeds, username/password credentials are provided to the ActiveSync server.


Prerequisites

  • Certificate Authority Services must be installed on a member server/domain controller in your domain.
  • A device certificate for the Pulse Connect Secure device and a client certificate must be generated using your certificate authority server.
  • The iPhone Configuration Utility (iPCU) must be installed on a Windows or Mac OS X machine.

 


Pulse Connect Secure Gateway Configuration

Create a Virtual port on the Pulse Connect Secure device:

  1. Navigate to Network > Internal Port or External Port > Virtual Port.
  2. Click New Port.
  3. Provide a virtual port name and IP information. Click Save Changes.
  4. Navigate to Configuration > Certificates > Trusted Client CAs > Import CA certificate. Select the certificate authority that signed the client certificate.
  5. Navigate to Configuration > Certificates > Trusted Server CAs > Import CA certificate. Select the certificate authority that signed the server certificate installed on the ActiveSync server.

Note: In the example below, the same certificate authority signed both the client and server certificate.

  6. Navigate to System > Security > SSL Options and scroll to the bottom. Under Require client certificate on these ports, select the virtual port (either internal or external port) and click Add.
  7. Navigate to Authentication > Signing In > New Sign-in Policy > New URL.
  8. From User Type, select Authorization only Access.
  9. For the Virtual host name, enter the URL that mobile devices will be accessing (for example, exch.ssl.com).


ActiveSync Profile Configuration for iPhone

For client configuration, see KB17857 - How to configure ActiveSync on IVE for mobile clients.

The iPhone Configuration Utility helps create/manage configuration profiles. For more details, refer to the vendor link: http://www.apple.com/support/iphone/enterprise/.

Perform the steps below to create the ActiveSync profile with the iPhone Configuration Utility:

  1. For Backend URL, enter the URL of the ActiveSync server.  

    Optional: select Allow Active Sync traffic only to perform additional validation. When enabled, the Pulse Connect Secure device validates whether incoming traffic has the proper header information for ActiveSync.

     

  2. Open the iPhone Configuration Utility.
  3. Click New > Configuration Profiles.
  4. Select the Exchange ActiveSync option and configure the user account.
  5. In Exchange ActiveSync Host, enter the URL configured on the Pulse Connect Secure in Virtual Hostname (for example, exch.ssl.com).
  6. In User and Password, enter the corresponding credentials to authenticate to the ActiveSync server.
  7. Under Identity Certificate, select the client certificate from the drop-down menu.  
 

 


iPhone Configuration

  1. From the taskbar, click File > Export. This creates a <filename>.mobileconfig file.
  2. Import the ActiveSync profile on the mobile device by clicking the mobile configuration file attachment.
  3. After the configuration is successfully imported, open the mail client to access emails.
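
Before distributing the exported file, it is worth confirming that the profile points at the gateway's virtual host name and actually carries the identity certificate. The following is an added example, not part of the original article or any Pulse Secure or Apple tooling. It assumes the profile was exported unsigned (a plain plist), uses Apple's configuration-profile key names, and runs against a constructed sample profile with placeholder UUIDs.

```python
import plistlib

EAS_TYPE = "com.apple.eas.account"           # Exchange ActiveSync payload
IDENTITY_TYPE = "com.apple.security.pkcs12"  # PKCS#12 identity payload

def audit_profile(raw, expected_host):
    """Return a list of findings; an empty list means the profile matches the steps above."""
    payloads = plistlib.loads(raw).get("PayloadContent", [])
    identities = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") == IDENTITY_TYPE}
    accounts = [p for p in payloads if p.get("PayloadType") == EAS_TYPE]
    if not accounts:
        return ["no Exchange ActiveSync payload in profile"]
    findings = []
    for p in accounts:
        name = p.get("PayloadDisplayName", "<unnamed>")
        host = p.get("Host", "")
        if host.lower() != expected_host.lower():
            findings.append(f"{name}: Host {host!r} is not the virtual host name")
        if not p.get("SSL", True):  # SSL defaults to true when the key is absent
            findings.append(f"{name}: SSL disabled, no client certificate can be presented")
        ref = p.get("PayloadCertificateUUID")
        if "Certificate" in p:
            continue  # identity embedded directly in the account payload
        if ref is None:
            findings.append(f"{name}: no identity certificate selected")
        elif ref not in identities:
            findings.append(f"{name}: identity payload {ref} missing from profile")
    return findings

def sample_profile(host, with_identity=True):
    """Constructed sample profile; UUIDs and certificate bytes are placeholders."""
    eas = {"PayloadType": EAS_TYPE, "PayloadUUID": "EAS-0001",
           "PayloadDisplayName": "Exchange ActiveSync",
           "Host": host, "UserName": "user", "SSL": True}
    content = [eas]
    if with_identity:
        eas["PayloadCertificateUUID"] = "IDENT-0001"
        content.append({"PayloadType": IDENTITY_TYPE, "PayloadUUID": "IDENT-0001",
                        "PayloadContent": b"constructed-placeholder-not-a-p12"})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})

if __name__ == "__main__":
    for finding in audit_profile(sample_profile("mail.internal.example", False), "exch.ssl.com"):
        print(finding)
```

A profile that fails the identity check would reach the virtual port without a client certificate and be rejected by the gateway before any credentials are passed to the ActiveSync server.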
Created By: Data Deployment