Exchange Active Sync with S/MIME not working

RaPo
Comes here often

Exchange Active Sync with S/MIME not working

Hello everyone,

 

I have created an active sync profile for iOS devices (iOS 11.4). I now want to enable certificate based E-Mail signing with a .pfx certificate from GlobalSign. Therefore I enabled

- Use SSL

- Use Client Certificate Authentication

- Enable S/MIME Message Signing

 

The certificate for the user was added using Owners -> Import -> Import certs and is properly shown at the owner and is transferred to the device.

 

E-Mails can be received but when I want to send a mail I receive the popup "signing not possible … no signing identity found". If I create the mail account manually the cert is detected properly and everything is working.

 

I also converted the .pfx into a .p12 cert but same problem

 

Have I missed anything?

 

Kind regards

RaPo

 

 

4 Replies 4
PhilipDAth
Kind of a big deal
Kind of a big deal

Are you using Outlook for iOS, or some other email client?  It not, I would try using the native Microsoft client.

 

I have found the mobile version of Outlook has much better integration with Exchange - but I have never tested S/MIME with it.

RaPo
Comes here often

Hello PhilipDAth,

 

no, we´re using the native iOS Mail App. Outlook App on iOS does not support SMIME.

 

When creating the profile manually with the usage of the Meraki pushed user certificate it works. But with the pushed Exchange active sync profile not. 

 

Additionally I tested first creating the Active Sync E-Mail account manually with SMIME and then pushing the profile. In this scenario everything is working fine, too. But as soon as I remove the manually created profile I get the same error with not finding a valid certificate again.

 

Thanks

Ralf

uptimejeff
Comes here often

You may need to manually select the certificate.

http://www.entrust.net/knowledge-base/technote.cfm?tn=70598

 

 

RaPo
Comes here often

Hi uptimejeff,

 

thanks for the reply. Manual Import of certificates is no Option as we plan a mass roll-out of 3500 certificates within our POC. 

End of last week I was informed by Cisco Meraki that they changes something and I have to create a new profile. There are now new checkboxes available we did not have before.

 

NewSmimeSettings_ExchangeActiveSync.PNG

 

Now everything is working fine.

 

Thanks all for your help

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels