Placing Server Certificates on Mobile Devices

Friday, June 29, 2007
About the only thing that's difficult in setting up Exchange ActiveSync on a mobile device is getting the server certificate on it. Of course, this is a non-issue if you're using a trusted certification authority like Verisign, Thawte, GoDaddy, etc. I wrote these procedures for those of you who don't want the trouble or expense of buying an SSL cert and want to use the Exchange self-signed certificate.

Export the Certificate

  • Log into the Exchange server with administrative rights and run IIS Manager
  • Expand Local Computer Web Sites
  • Right-click Default Web Site and select Properties
  • Click the Directory Security tab
  • Click View Certificate
  • On the Details tab click Copy to File..., Next, Next, Next
  • Enter the path and filename to use for the certificate export (i.e., C:\server.cer)
  • Click Finish to export the certificate
How to Put the Certificate on the Phone

Option 1, Using Windows ActiveSync

Option 2, Using Email

  • If there is an alternate form of email on the device, email the cert to your device
  • Open the attachment and import it

Option 3, Using a Website

  • Send server.cer to a compressed folder (zip file)
  • Put the zip file on a web server
  • Use Internet Explorer on the phone and navigate to the URL of the zip file to open it (i.e.,
  • Download, open and import it
If you have an older Windows Mobile 2002 or 2003 device, check out the SPAddCert utility from Microsoft, documented at