You are on page 1of 9

Installing Windows Mobile 6.

0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
Installing Windows Mobile 6.0 Root Certificates
Tuesday, October 9th, 2007
Recently I ran into a situation where we had purchased an Exchange certificate
from a fairly common certificate authority (GeoTrust) and everything worked well
with browsers automatically trusting the certificate and then we picked up a
Windows Mobile 6.0 device from Verizon. For whatever reason, Verizon or
Microsoft has decided this particular CA was not trustworthy and isnt in the default
list, so ActiveSync fails to connect to the Exchange server. Fortunately, we can
force the device to trust the certificate.
Windows Mobile 6.0 brought a change in how to install certificates. Users cannot
install a certificate into the root certificates store on a phone unless the certificate is
self-signed. This ensures that only true root certificates exist in the root store.
The pain here is that when you try installing a certificate such as the one used to
secure Outlook Web Access it gets dumped in the personal store, and ActiveSync
wont connect because it cant verify the certificate authority associated with the
certificate. The solution is to get the certificate authoritys self-signed certificate into
the root store. We can do this with the following steps:
1. Open Internet Explorer and navigate to the site securing OWA. Click the lock
next to the address bar.
![C 00](
2. Click the **View Certificates** link.
![C 01](
3. Click the **Certification Path** tab at the top.
![C 02](
4. Click the top certificate name first (the root CA) and then click **View
![C 03](
5. Click the **Details** tab.
![C 04](
6. Click the **Copy to File** button.
![C 05](
7. Click **Next** to start the Certificate Export Wizard.
![C 06](
8. Click **Next** to export the certificate as a DER encoded binary X.509 (.CER)
![C 07](
9. Browse to a location where youd like to save the certificate and give it a name.
![C 08](
10. Click **Finish** to complete the Certificate Export Wizard.
![C 09](
11. You should see a dialog that the export was successful.
Hi. My name is Tom Pacyk. I
live in San Francisco Chicago
and work with technology
products, most of which start
with the word Microsoft.

Lync Server 2013
Brand spankin' new. Learn
Lync 2013 and contribute to
my daughter's college fund.
Everybody wins.
Lync Server 2010
An oldie, but a goodie. Grab
one today before it becomes a
rare collector's item.
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
![C 10](
12. Now copy that .cer file you created to the device in some way. Via a storage
card, USB cable, Bluetooth, whatever. J ust get the .cer in the file structure of the
phone somehow.
13. Power up the phone and click **Start**.
![W 01](
14. Find and open **File Explorer**.
![W 02](
15. Locate the .cer file you copied to the phone. I called mine root.cer.
![W 03](
16. Press **Menu** and then **Install**.
![W 05](
17. You should see a dialog that the install was successful. Ive seen it fail on the
first attempt before, so try a few times if you get an error. Press **OK**.
![W 06](
18. Navigate to the phones **Settings** option.
![W 07](
19. Click on **Security** and press OK.
![W 08](
20. Click on **Certificates** and press OK.
![W 09](
21. Click on **Root** and press OK.
![W 10](
22. Scroll to the end of the certificates list or keep pressing **More**. You should
see the certificate you installed listed at the very end of the list. If its not there, try
starting over and making sure youre exporting the certificate authoritys certificate,
and not yours.
![W 11](
You can now test ActiveSync and it should be able to connect to the Exchange
server without ever needing to install your OWA certificate. Its automatically trusted
because the certificate authority now exists in your root certificates store.
Comments from the Peanut Gallery
J anuary 9th, 2008
Thanks that worked!
September 23rd, 2008
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
Thanks for posting this. Very helpful for a first time installation of a certificate to to
Windows Mobile.
J anuary 29th, 2009
My copy function is grayed out. Is there something else I need to do.
February 26th, 2009
I have followed above mentioned steps.
My certificate installs in intermediate and not Root.!!!
and i am still geting the same error message!!
any help, i will appreciate.
J akob Hojer
March 24th, 2009
Thanks a lot, this was very helpful, my IT depratment hasnt been able to help me
but the step-by-step screen shots certainly helped
April 11th, 2009
So what did u do Rich, when the Copy to File button is greyed out?
April 24th, 2009
My copy to file button is also greyed out.
May 19th, 2009
Perfect guide! Thanks a lot. I didnt have to perform steps 18-22 on my brand new
HTC Diamond2.
May 20th, 2009
Rich, you need to run IE as administrator
Mobile Developer
J une 12th, 2009
Thank you for posting this very helpful for windows mobile users and developers.
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
February 10th, 2010
I have a new HTC HD2 device and couldnt synchronise with OWA because of
0x80072FOD error. I followed the steps deeeopped above and it works!
Thanks a lot
The most amazing is that the customer service of HTC didnt knew the answer!
February 10th, 2010
Its very helpfull. Tested on Samsung Omnia. Everything works fine
Kelvin Arcelay
May 2nd, 2010
Yupyour instructions are on target. Thanks
May 4th, 2010
Good advice, worked on HTC s740!
J une 3rd, 2010
New HTC HD2, worked perfectly, very clear, thanks, saved me a lot of grief!
J uly 16th, 2010
hey everyone,
have the same problem as victor, my cert installs as intermediate and not as root,
what can I do about it???
anyone has any answers how to solve this?
thx for your help
J uly 16th, 2010
I am using an HTC Diamond2 and I am amazed at how far back Windows Mobile
6.5 is.
The AppleOS on the Iphone finds the certificate automatically and says Do you
want to install it and its job done.
Why is windows mobile so useless?
J uly 21st, 2010
Wow! This advice is from 2007 and it is still valid
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
I walked through step by step and my HD2 with WM6.5.1 is synchronizing again!
Thanks a lot!
J uly 26th, 2010
Thanks a lot
I walked through step by step and my HD2 is synchronizing again!
August 23rd, 2010
Anyone having trouble with not being able to install certificates to the root section,
ensure you select THE TOP LEVEL certificate in the list from the OWA Certification
settings. You may have more than 2 levels of certificates in the OWA list, its easy
to mistakenly select the last/lowest in the list, when you actually need the top level
August 26th, 2010
Perfect !
Thanks a lot, quite straightforward guide
J im
August 27th, 2010
works like a charm! thanks for posting this!
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
November 13th, 2010
Hi thanks for the tutorial, but ive try and it my root certificate install as intermediate.
ive checked that i was at the top level. have somebody resolve this issue ??
November 19th, 2010
If you have lots of users needing it.
Zip the file and post it on your internet.
then send out this email
To all staff with a Windows Mobile company phone (i.e. not Blackberry or iPhone)
will have noticed their phones were not automatically updating for the last day or
Please read the below instructions and follow on the phone itself:
1) Click this link: https://YourWebAddress/
2) Click Open.
3) Expand by clicking the +symbol.
4) Double click root.cer.
5) Click OK on the message One or more certificates were installed successfully
it will take about 10 seconds to appear after double clicking.
6) Close the Zip window, the download window and the browser.
7) Click Start in the top left corner.
8) Scroll down until you find the Tools button and click it.
9) Click ActiveSync
10) Click Sync
Your emails should now come through automatically again.
If you are still not getting emails, follow steps 7-10 again. If it still does not work,
restart the phone by holding the hang up button for 5 seconds, then click Power
Off. Once the device is off, press the hang up button again to turn back on.
Any problems, please call IT on the below number.
Apologies for the inconvenience our certificate vendor has upgraded their security
and the preloaded certificates we shipped with the phones would not accept the
high security settings.
Many Thanks,
December 31st, 2010
I have only one certificate level and when I install it goes in intermediate level not
the root. I am using Blackjack 2 windows mobile 6.1. Can any one please suggest
any help ? how to move the certificate from intermediate to root? or to disable the
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
certificate check of active sync completely?
Daniel Huang
J anuary 24th, 2011
Thanks very much! It helped me fixed my problem!!
K Thomas
February 3rd, 2011
Still havent got it working but at least have now realised that the Secure Server
Certification Authority certificate expired a month ago which is probably causing the
March 8th, 2011
Post 21 solved it for me.
Thank you.
Chris Noble
March 17th, 2011
I love you! I was almost at the point of throwing myself out the window trying to get
Email Synchronised, Microsoft help docs are absolutely useless but with your help
its finally working!
April 19th, 2011
I have to mark here. this is the only workable method to me after I tried many kinds
of way, search on google, microsoft support.
its a total solution, no just a not clear diagnose again.
J uly 17th, 2011
Yep this worked all IT dept could do was tell me the certificate was never
designed to work with WM6.1 or lower. Sounds like it was just bad Cert creation on
their part when they compiled it without selecting the certificates top level as
described in your step 4 above. Wish I had have searched for this 2 weeks ago
rather than wait for their this can never work response.
Adi Inbar
April 10th, 2012
Thanks, very helpful. I was getting error 0x80072F0D The security certificate on
the server is invalid when trying to sync with Exchange. Where I was getting
stymied was that I exported the certs from the OWA server in every format
available, but the device wouldnt recognize them as certs. The problem (which
your instructions cleared up) is that the certs need to be in DER format but with a
.cer extension, but Firefox by default exports DER certs with a .der extension.
Also, I had to export and import that *entire* certificate chain before it worked (I
dont mean using the certificate chain file format, I mean export and import each
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
E-Mail Address:
individual certificate in the chain in DER format with a .cer extension).
J uly 24th, 2012
Thanks, Been trolling around for hours trying to sort this. Worked a treat.
Mel Smith
J uly 26th, 2012
Thankyou Thankyou Thankyou I have been trying to fix this issue with our Windows
6.5 phones when we migrated to our new exchange server, your a genius. You
have made my Friday
November 14th, 2012
Excellent explanation! straight forward to solve the problem, THANK YOU SO
I had the same problem with an old i-Mate J AQ which had expired its security
certificate, giving error code 0x80072FOD win mobile 5.
December 20th, 2012
Thank you so much. I had this problem with a clients samsung omnia with a trusted
certificate and your post finally resolved it. Mant thanks.
Marco Magri
J anuary 4th, 2013
Perfect Solution and easy way to get the certificate and install it on my HTC Touch
HD running windows mobile 6.1 and synch to exchange 2010. Easy solution that I
have been trying to search for a solution for the past few weeks.
Thanks a lot!!!!
Chime In

Post Comment
Installing Windows Mobile 6.0 Root Certificates | Confused Amused[2/4/2014 10:33:43 PM]
Recent Articles
Hot off the presses! Well, relatively.
Lync MX and Skype Crash on Windows 8.1
Lync 2013 CU3 and Hosting Providers
LYSS.exe High CPU Usage
Lync Meeting Content and Attachments That
Wont Download
Lync 2013 and the RTCXDS 16 GB Transaction
Log Limit
Exchange 2013 Schema Prep Objects to Object
References without an Object
Lync 2013 Mobile Client Voicemail
Avoiding Lync 2013 Certificate Prompts
Lync 2013 Mobile Clients and Apache Reverse
Cisco and Lync One-Way Audio
By Date
By Tag
By Subject
The Archives
The good, the bad, and the ugly, all still
available for your viewing pleasure.

Roll Call
Really smart folks, via NextHop.
Tom Arbuthnot / Tommy Clarke / Michael
Greenlee / Dustin Hannifin / Stle Hansen / Tim
Harrington / Adam J acobs / Curtis J ohnstone /
Russ Kaufman / Matt Landis / Ken Lasko /
David Lim / Desmond Lee / Martin Lidholm /
J ustin Morris / Thomas Ptt / Pat Richard / Brian
Ricks / J eff Schertz / Elan Shudnow / Mike
Stacey / Drago Tovec / Steven van Houttum /
J ohn Weber / Randy Wintle
Fine Print
Copyright Tom Pacyk. All Rights Reserved.
This site runs on Wordpress and is hosted by
Dreamhost. Opinions and content posted here
are my own and are in no way reflective of my
employer. The world of technology is ever-
changing and what is true one day may not be
the next. Follow my advice at your own risk -
there are no warranties provided here.