There seems to be some confusion on the net in regards to setting up Exchange ActiveSync on Windows Mobile phones. By default, Exchange 2003 will require SSL and if the Exchange administrator does not buy a root certificate for the server he/she can install a "self signed" cert. When a self signed cert is in place, users will be prompted to "trust" the root certificate of the server, allowing you to proceed to the webpage/resource. Internet Explorer is configured to trust certain certificates, depending on who genertated them, Verisign, GeoTrust etc.
Unfortunately, for mobile phone users trying to setup Exchange ActiveSync, self signed certs require an extra step. The cert file must be preinstalled on the phone so that it will be trusted. This article will explain how you can extract the self-signed cert from your Exchange server, provided Outlook Web Access or Remote Web Workplace is running on your (your employers) server.
From your computer, access your Exchange account on the internet. This can be in the form of mail.yourcompany.com/remote, mail.yourcompany.com/Exchange, mail.yourcompany.com/OWA etc.
If your root cert is untrusted, you will see this dialog box.
Press the "View Certificate" button.
Press the "Details" tab.
Press the "Copy to File..." button.
Press "Next"
Make sure DER Encoded is selected and press "Next"
Press "Browse" to choose a location to save the file.
Choose a location, name it and press the "Save" button.
Press "Next"
Press "Finish"
Press "OK"
You have now saved your Exchange servers root certificate.
To install it on your phone, copy the "cer" file to your phone. You can use a memory card, or the "File Explorer" in ActiveSync on your desktop. Once the file is on your phone, use the File Manager on the phone to browse to the location of the file, then click on it and execute it. Follow the prompts to install it on your phone.
If you have a Motorola Q, you will need to perform a few extra steps.
Step 1. On your mobile, create a folder at the root of the phone called "Storage" copy the root.cer file and VZW_SpAddCert.exe into that folder.
Step 2. Using the File Manager on the phone, locate the VZW_SpAddCert.exe file in the /storage folder and run it. Select your certificate file and follow the prompts to install it.
Show/Hide commentsI followed the directions but got an error message at the last step, Step 2. I have a Moto ! and the error is:
Alert
Access denied. The program cannot start because it is not digitally signed with a trusted certificate.
Curiously, I could use the certificate to connect to my site that is protected with a self-signed certificate.
BTW, I downloaded the VZW_SpAddCert.exe from this site under downloads, Windows Mobile.
Doug
Doug
Show/Hide comment form
