Thursday, April 20, 2006
More Windows Mobile follies
Yesterday, all of a sudden my Windows Mobile device stopped automatically syncing my e-mail. In fact, when I tried to sync, it would pop up with a box asking me to confirm my password. At first, when I saw this, I thought that my password had expired (I do have to change it every so often), as entering my current password resulted in the password prompt coming right back. I checked network access on my computer and found that my password had not expired yet, so I wondered what was going on.

Then, I found out that our certificate had expired and been renewed, but the CA that we use had for some reason used a cert from a different chained trusted CA. This chained CA was, of course, NOT in the short list of trusted CAs included with Windows Mobile. Now, how to go about getting this corrected.

Oh - BTW, this error also prevented ActiveSync (Exchange portions only) from working when directly attached to my computer as well.

Fortunately, installing a cert on Windows Mobile is fairly easy. Of note is that I do have an unlocked device, so I can pretty much do whatever I want with it. Installing a cert may not be this easy (or possible at all) on locked devices. For me, this is what I did.

1. Obtained ALL certificates in the chain. This was completed by accessing our OWA website and exporting all certificates in the chain to DER encoded binary files (.cer).
2. Copy .cer files to WM device.
3. Open File Explorer on WM device and simply click on the certificate. It will ask you if you want to install the certificate. Simply choose "yes" and you are done.
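
If the chain is already saved as a single PEM text bundle rather than exported certificate by certificate, step 1 can be scripted. This is an added example, not part of the original post: it splits the bundle into one DER-encoded .cer file per certificate and returns each file's SHA-1 and SHA-256 fingerprints, so they can be compared with the values the CA publishes before choosing "yes" on the device. The function names and output file names are assumptions, and the sample bundle is built from constructed placeholder bytes, not real certificates.

```python
import hashlib
import re
import ssl
import tempfile
from pathlib import Path

# One PEM certificate block; any text between blocks is ignored.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.DOTALL
)


def split_chain(bundle_text):
    """Return every certificate in a PEM bundle as DER bytes, in file order."""
    return [ssl.PEM_cert_to_DER_cert(m.group(0))
            for m in PEM_BLOCK.finditer(bundle_text)]


def export_chain(bundle_text, out_dir):
    """Write chain-N.cer (DER) files; return (path, sha1_hex, sha256_hex) tuples."""
    results = []
    for index, der in enumerate(split_chain(bundle_text)):
        path = Path(out_dir) / f"chain-{index}.cer"  # hypothetical file name
        path.write_bytes(der)
        results.append((str(path),
                        hashlib.sha1(der).hexdigest(),    # Windows "Thumbprint"
                        hashlib.sha256(der).hexdigest()))
    return results


# Constructed placeholder bytes standing in for a leaf, an intermediate and a
# root certificate. They are NOT real X.509 data.
SAMPLE_DER = [b"leaf-" + bytes(range(40)),
              b"intermediate-" + bytes(range(40, 80)),
              b"root-" + bytes(range(80, 120))]
# Bundle with a non-PEM text line before each block, as saved output often has.
SAMPLE_BUNDLE = "".join(
    f" {i} s:constructed subject line\n" + ssl.DER_cert_to_PEM_cert(der)
    for i, der in enumerate(SAMPLE_DER)
)

if __name__ == "__main__":
    for path, sha1, sha256 in export_chain(SAMPLE_BUNDLE, tempfile.mkdtemp()):
        print(path, "SHA-1", sha1, "SHA-256", sha256)
```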

Once I had the certs installed, everything worked fine again. I won't discuss my disappointment with so few root certificates being installed by default with Windows Mobile. I'm just happy I was able to install the other certs.
At least it was easy to install the cert. When I first got my Orange smartphone I had to go through all sorts of hoops to remove security before I could even install my chain as Orange supply all of their smartphones completely locked down - no unsigned software, no root certs etc.

Luckily, the security can be removed but it's a performance!
