http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] Installing Windows Mobile 6.0 Root Certificates Tuesday, October 9th, 2007 Recently I ran into a situation where we had purchased an Exchange certificate from a fairly common certificate authority (GeoTrust) and everything worked well with browsers automatically trusting the certificate and then we picked up a Windows Mobile 6.0 device from Verizon. For whatever reason, Verizon or Microsoft has decided this particular CA was not trustworthy and isnt in the default list, so ActiveSync fails to connect to the Exchange server. Fortunately, we can force the device to trust the certificate. Windows Mobile 6.0 brought a change in how to install certificates. Users cannot install a certificate into the root certificates store on a phone unless the certificate is self-signed. This ensures that only true root certificates exist in the root store. The pain here is that when you try installing a certificate such as the one used to secure Outlook Web Access it gets dumped in the personal store, and ActiveSync wont connect because it cant verify the certificate authority associated with the certificate. The solution is to get the certificate authoritys self-signed certificate into the root store. We can do this with the following steps: 1. Open Internet Explorer and navigate to the site securing OWA. Click the lock next to the address bar. ![C 00](http://www.confusedamused.com/wp-content/uploads/2007/10/c-001.png) 2. Click the **View Certificates** link. ![C 01](http://www.confusedamused.com/wp-content/pictures/2007/10/c-01.png) 3. Click the **Certification Path** tab at the top. ![C 02](http://www.confusedamused.com/wp-content/pictures/2007/10/c-02.png) 4. Click the top certificate name first (the root CA) and then click **View Certificate**. ![C 03](http://www.confusedamused.com/wp-content/pictures/2007/10/c-03.png) 5. Click the **Details** tab. ![C 04](http://www.confusedamused.com/wp-content/pictures/2007/10/c-04.png) 6. Click the **Copy to File** button. ![C 05](http://www.confusedamused.com/wp-content/pictures/2007/10/c-05.png) 7. Click **Next** to start the Certificate Export Wizard. ![C 06](http://www.confusedamused.com/wp-content/pictures/2007/10/c-06.png) 8. Click **Next** to export the certificate as a DER encoded binary X.509 (.CER) ![C 07](http://www.confusedamused.com/wp-content/pictures/2007/10/c-07.png) 9. Browse to a location where youd like to save the certificate and give it a name. ![C 08](http://www.confusedamused.com/wp-content/pictures/2007/10/c-08.png) 10. Click **Finish** to complete the Certificate Export Wizard. ![C 09](http://www.confusedamused.com/wp-content/pictures/2007/10/c-09.png) 11. You should see a dialog that the export was successful. Hi. My name is Tom Pacyk. I live in San Francisco Chicago and work with technology products, most of which start with the word Microsoft.
Lync Server 2013 Unleashed Brand spankin' new. Learn Lync 2013 and contribute to my daughter's college fund. Everybody wins. Lync Server 2010 Unleashed An oldie, but a goodie. Grab one today before it becomes a rare collector's item. Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] ![C 10](http://www.confusedamused.com/wp-content/pictures/2007/10/c-10.png) 12. Now copy that .cer file you created to the device in some way. Via a storage card, USB cable, Bluetooth, whatever. J ust get the .cer in the file structure of the phone somehow. 13. Power up the phone and click **Start**. ![W 01](http://www.confusedamused.com/wp-content/pictures/2007/10/w-01.png) 14. Find and open **File Explorer**. ![W 02](http://www.confusedamused.com/wp-content/pictures/2007/10/w-02.png) 15. Locate the .cer file you copied to the phone. I called mine root.cer. ![W 03](http://www.confusedamused.com/wp-content/pictures/2007/10/w-03.png) 16. Press **Menu** and then **Install**. ![W 05](http://www.confusedamused.com/wp-content/pictures/2007/10/w-05.png) 17. You should see a dialog that the install was successful. Ive seen it fail on the first attempt before, so try a few times if you get an error. Press **OK**. ![W 06](http://www.confusedamused.com/wp-content/pictures/2007/10/w-06.png) 18. Navigate to the phones **Settings** option. ![W 07](http://www.confusedamused.com/wp-content/pictures/2007/10/w-07.png) 19. Click on **Security** and press OK. ![W 08](http://www.confusedamused.com/wp-content/pictures/2007/10/w-08.png) 20. Click on **Certificates** and press OK. ![W 09](http://www.confusedamused.com/wp-content/pictures/2007/10/w-09.png) 21. Click on **Root** and press OK. ![W 10](http://www.confusedamused.com/wp-content/pictures/2007/10/w-10.png) 22. Scroll to the end of the certificates list or keep pressing **More**. You should see the certificate you installed listed at the very end of the list. If its not there, try starting over and making sure youre exporting the certificate authoritys certificate, and not yours. ![W 11](http://www.confusedamused.com/wp-content/pictures/2007/10/w-11.png) You can now test ActiveSync and it should be able to connect to the Exchange server without ever needing to install your OWA certificate. Its automatically trusted because the certificate authority now exists in your root certificates store. Comments from the Peanut Gallery Phillip J anuary 9th, 2008 Thanks that worked! scott September 23rd, 2008 Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] Thanks for posting this. Very helpful for a first time installation of a certificate to to Windows Mobile. Rich J anuary 29th, 2009 My copy function is grayed out. Is there something else I need to do. Victor February 26th, 2009 hi I have followed above mentioned steps. My certificate installs in intermediate and not Root.!!! and i am still geting the same error message!! any help, i will appreciate. thanks J akob Hojer March 24th, 2009 Thanks a lot, this was very helpful, my IT depratment hasnt been able to help me but the step-by-step screen shots certainly helped Anita April 11th, 2009 So what did u do Rich, when the Copy to File button is greyed out? ChrisE April 24th, 2009 My copy to file button is also greyed out. lani May 19th, 2009 Perfect guide! Thanks a lot. I didnt have to perform steps 18-22 on my brand new HTC Diamond2. gilby May 20th, 2009 Rich, you need to run IE as administrator Mobile Developer J une 12th, 2009 Thank you for posting this very helpful for windows mobile users and developers. Marc Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] February 10th, 2010 I have a new HTC HD2 device and couldnt synchronise with OWA because of 0x80072FOD error. I followed the steps deeeopped above and it works! Thanks a lot The most amazing is that the customer service of HTC didnt knew the answer! Gepetto February 10th, 2010 Its very helpfull. Tested on Samsung Omnia. Everything works fine Kelvin Arcelay May 2nd, 2010 Yupyour instructions are on target. Thanks hans May 4th, 2010 Good advice, worked on HTC s740! Linc J une 3rd, 2010 New HTC HD2, worked perfectly, very clear, thanks, saved me a lot of grief! d3b14n J uly 16th, 2010 hey everyone, have the same problem as victor, my cert installs as intermediate and not as root, what can I do about it??? anyone has any answers how to solve this? thx for your help poldy ITman J uly 16th, 2010 I am using an HTC Diamond2 and I am amazed at how far back Windows Mobile 6.5 is. The AppleOS on the Iphone finds the certificate automatically and says Do you want to install it and its job done. Why is windows mobile so useless? Osman J uly 21st, 2010 Wow! This advice is from 2007 and it is still valid Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] I walked through step by step and my HD2 with WM6.5.1 is synchronizing again! Thanks a lot! Fahad J uly 26th, 2010 Thanks a lot I walked through step by step and my HD2 is synchronizing again! Simon August 23rd, 2010 Anyone having trouble with not being able to install certificates to the root section, ensure you select THE TOP LEVEL certificate in the list from the OWA Certification Path settings. You may have more than 2 levels of certificates in the OWA list, its easy to mistakenly select the last/lowest in the list, when you actually need the top level one. S. piccolo August 26th, 2010 Perfect ! Thanks a lot, quite straightforward guide J im August 27th, 2010 works like a charm! thanks for posting this! Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] Richard November 13th, 2010 Hi thanks for the tutorial, but ive try and it my root certificate install as intermediate. ive checked that i was at the top level. have somebody resolve this issue ?? Defredo November 19th, 2010 If you have lots of users needing it. Zip the file and post it on your internet. then send out this email To all staff with a Windows Mobile company phone (i.e. not Blackberry or iPhone) will have noticed their phones were not automatically updating for the last day or so. Please read the below instructions and follow on the phone itself: 1) Click this link: https://YourWebAddress/root.zip 2) Click Open. 3) Expand root.zip by clicking the +symbol. 4) Double click root.cer. 5) Click OK on the message One or more certificates were installed successfully it will take about 10 seconds to appear after double clicking. 6) Close the Zip window, the download window and the browser. 7) Click Start in the top left corner. 8) Scroll down until you find the Tools button and click it. 9) Click ActiveSync 10) Click Sync Your emails should now come through automatically again. If you are still not getting emails, follow steps 7-10 again. If it still does not work, restart the phone by holding the hang up button for 5 seconds, then click Power Off. Once the device is off, press the hang up button again to turn back on. Any problems, please call IT on the below number. Apologies for the inconvenience our certificate vendor has upgraded their security and the preloaded certificates we shipped with the phones would not accept the high security settings. Many Thanks, abdul December 31st, 2010 I have only one certificate level and when I install it goes in intermediate level not the root. I am using Blackjack 2 windows mobile 6.1. Can any one please suggest any help ? how to move the certificate from intermediate to root? or to disable the Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] certificate check of active sync completely? Daniel Huang J anuary 24th, 2011 Thanks very much! It helped me fixed my problem!! K Thomas February 3rd, 2011 Still havent got it working but at least have now realised that the Secure Server Certification Authority certificate expired a month ago which is probably causing the issue! Asybo2002 March 8th, 2011 Post 21 solved it for me. Thank you. Chris Noble March 17th, 2011 I love you! I was almost at the point of throwing myself out the window trying to get Email Synchronised, Microsoft help docs are absolutely useless but with your help its finally working! Miller April 19th, 2011 I have to mark here. this is the only workable method to me after I tried many kinds of way, search on google, microsoft support. its a total solution, no just a not clear diagnose again. Annonymous J uly 17th, 2011 Yep this worked all IT dept could do was tell me the certificate was never designed to work with WM6.1 or lower. Sounds like it was just bad Cert creation on their part when they compiled it without selecting the certificates top level as described in your step 4 above. Wish I had have searched for this 2 weeks ago rather than wait for their this can never work response. Adi Inbar April 10th, 2012 Thanks, very helpful. I was getting error 0x80072F0D The security certificate on the server is invalid when trying to sync with Exchange. Where I was getting stymied was that I exported the certs from the OWA server in every format available, but the device wouldnt recognize them as certs. The problem (which your instructions cleared up) is that the certs need to be in DER format but with a .cer extension, but Firefox by default exports DER certs with a .der extension. Also, I had to export and import that *entire* certificate chain before it worked (I dont mean using the certificate chain file format, I mean export and import each Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] Name: E-Mail Address: Website: individual certificate in the chain in DER format with a .cer extension). Anon J uly 24th, 2012 Thanks, Been trolling around for hours trying to sort this. Worked a treat. Mel Smith J uly 26th, 2012 Thankyou Thankyou Thankyou I have been trying to fix this issue with our Windows 6.5 phones when we migrated to our new exchange server, your a genius. You have made my Friday Ney November 14th, 2012 Excellent explanation! straight forward to solve the problem, THANK YOU SO MUCH!!! I had the same problem with an old i-Mate J AQ which had expired its security certificate, giving error code 0x80072FOD win mobile 5. Dom December 20th, 2012 Thank you so much. I had this problem with a clients samsung omnia with a trusted certificate and your post finally resolved it. Mant thanks. Marco Magri J anuary 4th, 2013 Perfect Solution and easy way to get the certificate and install it on my HTC Touch HD running windows mobile 6.1 and synch to exchange 2010. Easy solution that I have been trying to search for a solution for the past few weeks. Thanks a lot!!!! Chime In Comment:
Post Comment Installing Windows Mobile 6.0 Root Certificates | Confused Amused http://www.confusedamused.com/notebook/installing-windows-mobile-60-root-certificates/[2/4/2014 10:33:43 PM] Recent Articles Hot off the presses! Well, relatively. Lync MX and Skype Crash on Windows 8.1 Lync 2013 CU3 and Hosting Providers LYSS.exe High CPU Usage Lync Meeting Content and Attachments That Wont Download Lync 2013 and the RTCXDS 16 GB Transaction Log Limit Exchange 2013 Schema Prep Objects to Object References without an Object Lync 2013 Mobile Client Voicemail Avoiding Lync 2013 Certificate Prompts Lync 2013 Mobile Clients and Apache Reverse Proxy Cisco and Lync One-Way Audio Troubleshooting By Date By Tag By Subject The Archives The good, the bad, and the ugly, all still available for your viewing pleasure.
Roll Call Really smart folks, via NextHop. Tom Arbuthnot / Tommy Clarke / Michael Greenlee / Dustin Hannifin / Stle Hansen / Tim Harrington / Adam J acobs / Curtis J ohnstone / Russ Kaufman / Matt Landis / Ken Lasko / David Lim / Desmond Lee / Martin Lidholm / J ustin Morris / Thomas Ptt / Pat Richard / Brian Ricks / J eff Schertz / Elan Shudnow / Mike Stacey / Drago Tovec / Steven van Houttum / J ohn Weber / Randy Wintle Connect Fine Print Copyright Tom Pacyk. All Rights Reserved. This site runs on Wordpress and is hosted by Dreamhost. Opinions and content posted here are my own and are in no way reflective of my employer. The world of technology is ever- changing and what is true one day may not be the next. Follow my advice at your own risk - there are no warranties provided here.