Subscribe via RSS Feed Connect on LinkedIn

Lync 2013 5.4 iPhone/iPad “We can’t verify the certificate from the server”

30/04/2014 10 Comments

photo

 

It seems that in the latest version of Lync for the iPhone/iPad/iOS Microsoft have tightened up on the certificate checks. I hit this issue with a customer that had a public CA cert on their reverse proxy, but only an internal cert on a dev/test Lync 2013 edge. Previous to 5.4 Lync mobile signed in and worked fine, but on 5.4 it threw a cert error. The simple fix is to install the root cert/chain on the device.

If you are seeing this error, ensure you have the root cert/chain installed on your device (protip, you can email it to the device, even though you can’t open the certificate attachment in Outlook you can on the device).

You shouldn’t really hit this in an environment with proper public certificates from a provider trusted by iOS.

 

Update 2/5/2013: MSFT have now posted a KB on this: http://support.microsoft.com/kb/2965499/

 

Useful? Please take a second to shareTweet about this on TwitterShare on LinkedInShare on Google+Email this to someone
Tom Arbuthnot

Tom Arbuthnot

Managing Consultant at Modality Systems
Tom Arbuthnot is a Microsoft Lync Certified Master and MVP. He is a blogger, regular on The UC Architects Podcast, contributing writer to Lync Server 2013 Unleashed and speaker at events such as Lync Conference and The Microsoft UC User Group London. He is currently Managing Consultant at Modality Systems.
Tom Arbuthnot
Filed in: Lync • Tags: , ,

Comments (10)

Trackback URL | Comments RSS Feed

  1. Lucas says:

    Hello,
    I’m still facing this problem even after importing the Root CA on the Mobile Phone.

    Is there any other Certificate besides the CA Root that should be imported?
    Also, all the certificates published by my TMG are CA based. My external connections made by Notebooks with the Root CA works fine.

    Should i try to install the certificate using the Iphone Configuration Tool?

  2. Lucas says:

    No sir, I’m using my internal CA certificates;
    I tried to install the chain on the Iphone, but it does not execute the chain extension by default. Are you saying that I should import the chain certificate on the TMG server?

  3. Bitshuffler says:

    I’m still at a loss on this. I have the reverse-proxy configured on F5 BigIPs. Out certs are from GoDaddy. I have the G2 Bundle installed on the F5s and have imported the cert and the G2 bundle onto the iPhones. I’m sure it’s something silly, but… Everything worked fine until the 5.4 update.

    • Are you using a legit public CA?

      • bitshuffler says:

        As legit as GoDaddy gets. I’ve brought the chain into the F5s, tested the chain from external sites (green checks up and down) and still no love. This has pretty much much made all of the mobile Lync apps worthless.

  4. Lucas says:

    Any tips?

  5. Robbi says:

    I have follow this step. I have internal CA cert that have been trusted by my android. I can signed in and Lync 2013 have worked until 30 minutes later. After that, the error was occured again. The message is “We cant’t verify the certificate from the server. Please contact your support team”..
    I remove the trusted CA server, instal it again, and log in to lync succesfully. Nad the error occured about 30 minutes again. and so on.

    Please help me.

Leave a Reply