Certificate authentication to an ActiveSync server is not supported. In the following scenario, the initial connection to Pulse Connect Secure gateway requires a client certificate. If successful, username/password credentials are provided to the ActiveSync server.
- Certificate Authority Services must be installed on a member server/domain controller in your domain.
- A device certificate for the Pulse Connect Secure device and client certificate must be generated using your certificate authority server.
- The iPhone Configuration Utility (iPCU) is installed on a Windows or Mac OS X machine
Pulse Connect Secure Gateway Configuration
Create a Virtual port on the Pulse Connect Secure device:
- Navigate to Network > Internal Port or External Port > Virtual Port.
- Click New Port.
- Provide a virtual port name and IP information. Click Save Changes.
- Navigate to Configuration > Certificates > Trusted Client CAs > Import CA certificate. Select the certificate authority (who signed the client certificate).
- Navigate to Configuration > Certificates > Trusted Server CAs > Import CA certificate. Select the certificate authority (who signed the server certificate installed on the ActiveSync server).
Note: In the example below, the same certificate authority signed both the client and server certificate.
- Navigate to System > Security > SSL Options and scroll to the bottom. Under Require client certificate on these ports, select the virtual port (either internal or external port) and click Add.
- Navigate to Authentication > Signing In > New Sign-in Policy > New URL.
- From User Type, select Authorization only Access.
- For the Virtual host name, enter the URL that mobile devices will be accessing (for example,
ActiveSync Profile Configuration for iPhone
For client configuration, see KB17857 - How to configure ActiveSync on IVE for mobile clients.
The iPhone Configuration Utility helps create/manage configuration profiles. For more details, refer to the vendor link: http://www.apple.com/support/iphone/enterprise/.
Perform the steps below to create the ActiveSync profile with the iPhone Configuration Utility:
- For Backend URL, enter the URL of the ActiveSync server.
Optional: select Allow Active Sync traffic only to perform additional validation. When enabled, the Pulse Connect Secure device validates whether incoming traffic has the proper header information for ActiveSync.
- Open the iPhone Configuration Utility.
- Click New > Configuration Profiles.
- Select Exchange ActiveSync option and configure the user account.
- In Exchange ActiveSync Host, enter the URL configured on the Pulse Connect Secure in Virtual Hostname (for example,
- In the User and Password, enter the corresponding credentials to authenticate to the ActiveSync server.
- Under Identity Certificate, select the client certificate from the drop-down menu.
- From the taskbar, click File > Export. This will create a
- Import the ActiveSync profile on the mobile device by clicking the mobile configuration file attachment.
- After the configuration is successfully imported, open the mail client to access emails.