Windows Mobile and Third Party Certs
So you’ve decided to use a third party SSL certificate for Exchange but now are having trouble with the mobile device not accepting the certificate? While Windows Mobile devices do have some third party root certs built in (Cyber Trust, Entrust.net, Geotrust, GlobalSign, GoDaddy, Thawte, and Verisign), there is also a whole host of other third party certs out there that you may run across. If you use a cert whose root is not already built in, the easiest way to add your root certificate to your Windows Mobile devices is to create a custom CAB file.
Open up the certificate with Explorer.
Click on the “Certification Path” tab and make sure to click on the root certificate.
Click on the “Details” tab, click on “Thumbprint” and copy the thumbprint string.
Export the certificate in Base-64 encoded X.509.
Create the certificate XML using the store, thumbprint, and base64 encoded certificate:
<wap-provisioningdoc>
  <characteristic type="CertificateStore">
    <characteristic type="ROOT">
      <!-- type is the thumbprint of the root certificate -->
      <characteristic type="thumbprint-goes-here">
        <!-- value is the Base-64 encoded certificate -->
        <parm name="EncodedCertificate" value="Certificate-goes-here"/>
      </characteristic>
    </characteristic>
  </characteristic>
</wap-provisioningdoc>
Save the XML file as _setup.xml and make it into a cab file: makecab _setup.xml rootcert.cab
Just be sure to paste the thumbprint of the certificate as the type value of the innermost characteristic element, where the template reads thumbprint-goes-here.
Copy the CAB to your mobile device and run it. This will automatically install the correct certificate.
Save the CAB to your server for future use, and adding Exchange access to additional mobile devices will be a breeze!
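The steps above can be scripted so that the thumbprint copied from the “Details” tab is checked against the exported file before a new trust anchor goes into the CAB. This is an added example, not part of the original post: the function names are hypothetical, and it assumes the thumbprint is the SHA-1 of the DER bytes written as 40 hex digits without spaces, and that the EncodedCertificate value is the Base-64 body without the BEGIN/END lines.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of a Base-64 encoded X.509 export."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def normalize_thumbprint(copied):
    """Drop the spaces and the invisible U+200E mark a dialog copy can carry."""
    cleaned = re.sub(r"[\s\u200e]", "", copied).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", cleaned):
        raise ValueError("thumbprint must be 40 hex digits")
    return cleaned

def build_setup_xml(pem_text, copied_thumbprint):
    """Build the _setup.xml text, refusing a cert that fails the thumbprint check."""
    der = pem_to_der(pem_text)
    actual = hashlib.sha1(der).hexdigest()
    if actual != normalize_thumbprint(copied_thumbprint):
        raise ValueError("exported certificate does not match copied thumbprint")
    doc = ET.Element("wap-provisioningdoc")
    store = ET.SubElement(doc, "characteristic", type="CertificateStore")
    root = ET.SubElement(store, "characteristic", type="ROOT")
    cert = ET.SubElement(root, "characteristic", type=actual)
    ET.SubElement(cert, "parm", name="EncodedCertificate",
                  value=base64.b64encode(der).decode("ascii"))
    return ET.tostring(doc, encoding="unicode")

# Constructed placeholder bytes, not a real certificate; the helpers only
# hash and re-encode the bytes, they never parse X.509.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(b"constructed-sample-not-a-real-certificate").decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    sample_thumb = hashlib.sha1(pem_to_der(SAMPLE_PEM)).hexdigest()
    with open("_setup.xml", "w", encoding="utf-8") as handle:
        handle.write(build_setup_xml(SAMPLE_PEM, sample_thumb))
```

The resulting _setup.xml is then packaged with the same makecab command as above.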