After receiving a Samsung IP830W to allow international access to exchange, I had a big headache getting the device to sync with the exchange server.
The initial problem was caused by the SSL certificate having expired on the exchange server. Normal browsers can just hit the ok button to continue, but Windows Mobile5 will refuse to sync unless this is fixed.
Rather than purchase a new SSL certificate and wait the couple of weeks for Verisign or Network Solutions to provide me a certificate (this was needed *now*) I did some research and came up with the website SSL Enabling OWA 2003 using a free 3rd party certificate. Following the instructions was very simple and after a few minutes I had the certificate installed on the server. However the Windows Mobile Device would not accept the certificate! More research later the solution seemed to be to copy the cert file to the device and double click it but this still didn’t work.
In the end I copied the ca.cer file to my pc and then used the infrared connection to copy it to the device. This got around the previous problem I had with the certificate programs not recognising the previous certificate I had BUT I then got the issue “Security permission was insufficient to update your device”.
Whilst I was doing this I was on the phone with Sprint (on hold) for twenty minutes and at this point they answered the phone and were useless. They admitted they hadn’t had any training on this, that no certificates were allowed to be installed on the device and to contact Microsoft. I hung up on the guy as he obviously had no clue and downloaded the RegeditSTG file from Bernt Lervik. Using the instructions at Bernt’s site I edited the registry to allow the certificate to be installed. I did have to extract the zip file first and copy the exe file across as opposed to the zip file. Note that in order to expand the branches I had to use the center key within the rocker switch as the stylus/enter key wouldn’t work.
Start regeditSTG and navigate to the hive key HKLM\Security\Policies\Policies
Change the following three registry keys (hint: hit Values first)
a. 00001001 to 1 (was 2)
b. 00001005 to 40 (was 16)
c. 00001017 to 144 (was 128)
After that I was able to double click the ca.cer file to install it, and then start the activesync process with exchange.
Hope this (convuluted) solution will help any other users and me the next time I have to do this certification dance.