A few months ago, we migrated to Kerio MailServer at work and I’ve been absolutely in love with the fact that it natively supports Microsoft’s ActiveSync. This means I can sync my mail, contacts, calendar, and to-do lists directly to my WinMo5 based Palm Treo 700w over-the-air. The only complaint I’ve had, was that I’ve been doing it all via HTTP – yes, sans-SSL.

So, a few weeks ago, I set out to remedy the problem. I hopped around a few sites and did a little research and eventually decided to buy a two-year certificate from Go Daddy for $53 (I think). Getting it installed in Kerio was easy so then I tried changing ActiveSync on my Treo to use SSL. It failed. Miserably. Turns out, some of the reviews weren’t as accurate as I’d hoped and the new Go Daddy root certificate is not installed in Windows Mobile 5 by default as a trusted authority.

I searched and read and read some more to figure out how to do it. I found this slightly outdated knowledgebase article and started following the instructions. It didn’t work. In the process, I discovered that you can just copy the .cer file to the mobile device (I used an SD card) and open the .cer file from Explorer and you’re prompted to import it. Armed with this knowledge, I tried both the old “Valicert Root – DER Format” and the new “Go Daddy Class 2 Certification Authority Root Certificate – DER Format” with mixed results. One loaded and the other did not. However, I still couldn’t sync via SSL. A little bit more of my Google-fu and I found Go Daddy certs on certain phones by The SBS Diva. At the very bottom of her post is a jewel  It’s the binary versions of the Go Daddy root certificates. You can export these yourself from IE by following the instructions there if you don’t trust them. Otherwise, just download the zip file, extract the two files from the archive and get them copied over to your WinMo5 device somehow and execute them.

I can sleep a little easier tonight knowing my data is fully encrypted from my device back to the Kerio virtual machine.

(2) Comments   


Wayne on 7 May, 2008 at 2:19 pm #

Go Daddy’s Valicert Class 2 Root comes with Windows Mobile 5 AKU 2 and higher, so it should be on all but the oldest Windows Mobile 5 phones. If the cert chain is properly installed on the Web server, this root is all the phone needs to be able to recognize any Go Daddy cert. Windows Mobile 6 adds two newer Go Daddy roots.

Anjum on 21 October, 2008 at 7:30 am #

I have Windows Mobile 5 AKU 2 on my O2 and in root certificates it shows but still cannot sync with my mail server. After lot of search found lot of solution but not clear. I did the following and its working now perfectly for me. Just go to your exchange server certificates snap in. Expand the Intermediate CA and look for the following two certifcates:
1. godaddy class 2 certification authority and
2. godaddy secure certification authority
Right click on each of them and export them to DER format then copy them to your mobile device using active sync. Just click on each of them to install.
Then check in the root certifcates of your mobile the above two ICA should be listed. Enjoy!!!!

Post a Comment