Installing Windows Mobile 6.0 Root Certificates

Recently I ran into a situation where we had purchased an Exchange certificate from a fairly common certificate authority (GeoTrust) and everything worked well with browsers automatically trusting the certificate… and then we picked up a Windows Mobile 6.0 device from Verizon. For whatever reason, Verizon or Microsoft has decided this particular CA was not trustworthy and isn’t in the default list, so ActiveSync fails to connect to the Exchange server. Fortunately, we can force the device to trust the certificate.

Windows Mobile 6.0 brought a change in how to install certificates. Users cannot install a certificate into the root certificates store on a phone unless the certificate is self-signed. This ensures that only true root certificates exist in the root store.

The pain here is that when you try installing a certificate such as the one used to secure Outlook Web Access it gets dumped in the personal store, and ActiveSync won’t connect because it can’t verify the certificate authority associated with the certificate. The solution is to get the certificate authority’s self-signed certificate into the root store. We can do this with the following steps:

  1. Open Internet Explorer and navigate to the site securing OWA. Click the lock next to the address bar. C 00

  2. Click the View Certificates link. C 01

  3. Click the Certification Path tab at the top. C 02

  4. Click the top certificate name first (the root CA) and then click View Certificate. C 03

  5. Click the Details tab. C 04

  6. Click the Copy to File… button. C 05

  7. Click Next to start the Certificate Export Wizard. C 06

  8. Click Next to export the certificate as a DER encoded binary X.509 (.CER) C 07

  9. Browse to a location where you’d like to save the certificate and give it a name. C 08

  10. Click Finish to complete the Certificate Export Wizard. C 09

  11. You should see a dialog that the export was successful. C 10

  12. Now copy that .cer file you created to the device in some way. Via a storage card, USB cable, Bluetooth, whatever. Just get the .cer in the file structure of the phone somehow.

  13. Power up the phone and click Start. W 01

  14. Find and open File Explorer. W 02

  15. Locate the .cer file you copied to the phone. I called mine root.cer. W 03

  16. Press Menu and then Install. W 05

  17. You should see a dialog that the install was successful. I’ve seen it fail on the first attempt before, so try a few times if you get an error. Press OK. W 06

  18. Navigate to the phone’s Settings option. W 07

  19. Click on Security and press OK. W 08

  20. Click on Certificates and press OK. W 09

  21. Click on Root and press OK. W 10

  22. Scroll to the end of the certificates list or keep pressing More. You should see the certificate you installed listed at the very end of the list. If it’s not there, try starting over and making sure you’re exporting the certificate authority’s certificate, and not yours. W 11

You can now test ActiveSync and it should be able to connect to the Exchange server without ever needing to install your OWA certificate. It’s automatically trusted because the certificate authority now exists in your root certificates store.

Peanut Gallery

  1. 1 Phillip

    Thanks that worked!

     
  2. 2 scott

    Thanks for posting this. Very helpful for a first time installation of a certificate to to Windows Mobile.

     
  3. 3 Rich

    My copy function is grayed out. Is there something else I need to do.

     
  4. 4 Victor

    hi

    I have followed above mentioned steps.

    My certificate installs in intermediate and not Root.!!!

    and i am still geting the same error message!!

    any help, i will appreciate.

    thanks

     
  5. 5 Jakob Hojer

    Thank’s a lot, this was very helpful, my IT depratment hasn’t been able to help me but the step-by-step screen shots certainly helped

     
  6. 6 Anita

    So what did u do Rich, when the Copy to File button is greyed out?

     
  7. 7 ChrisE

    My copy to file button is also greyed out.

     
  8. 8 lani

    Perfect guide! Thanks a lot. I didn´t have to perform steps 18-22 on my brand new HTC Diamond2.

     
  9. 9 gilby

    Rich, you need to run IE as administrator

     
  10. 10 Mobile Developer

    Thank you for posting this… very helpful for windows mobile users and developers.

     
  11. 12 Marc

    I have a new HTC HD2 device and could’nt synchronise with OWA because of 0×80072FOD error. I followed the steps deeeopped above and… it works!

    Thanks a lot

    The most amazing is that the customer service of HTC didn’t knew the answer!

     
  12. 13 Gepetto

    It’s very helpfull. Tested on Samsung Omnia. Everything works fine

     
  13. 14 Kelvin Arcelay

    Yup…your instructions are on target. Thanks

     
  14. 15 hans

    Good advice, worked on HTC s740…!

     
  15. 16 Linc

    New HTC HD2, worked perfectly, very clear, thanks, saved me a lot of grief!

     
  16. 17 d3b14n

    hey everyone,

    have the same problem as victor, my cert installs as intermediate and not as root, what can I do about it??? anyone has any answers how to solve this?

    thx for your help poldy

     
  17. 18 ITman

    I am using an HTC Diamond2 and I am amazed at how far back Windows Mobile 6.5 is.

    The AppleOS on the Iphone finds the certificate automatically and says ‘Do you want to install it’ and it’s job done.

    Why is windows mobile so useless?

     
  18. 19 Osman

    Wow! This advice is from 2007 and it is still valid :-)

    I walked through step by step and my HD2 with WM6.5.1 is synchronizing again!

    Thanks a lot!

     
  19. 20 Fahad

    Thanks a lot

    I walked through step by step and my HD2 is synchronizing again!

     

Speak Up