Exchange 2007 ActiveSync and Windows Mobile 5 and SSL

In working through our certificate issues at work, we were able to obtain a Unified Communications Certificate from Comodo that we used to secure the various Exchange 2007 components that need to be secured by SSL, including IMAP, POP3, IIS (OWA) and Autodiscover.  I'll go through the actual process in my next tip.  In this tip, I want to present one gotcha that is rather important.  It has to do with support for Windows Mobile-based devices, such as the Blackjack and the Treo 750, among others.  Until recently, we were using Good Messaging, but in a desire to roll mobile services out to a wider audience, made the decision that ActiveSync was a more affordable choice.

Once we applied our Unified Communications Certificate obtained from Comodo, just about everything worked without problems.  IE7 stopped giving certificate errors when we connected to OWA, for example.  However, our Windows Mobile-based devices still could not connect to our Exchange 2007 system.  The devices were still throwing back certificate errors.  Upon investigation, we found that the Comodo certificate we used does not, by default, have a trusted root in Windows Mobile 5-based devices.  Such support is supposed to be included in Windows Mobile 6 and Comodo does have a very, very simple workaround.

The lesson: If your mobile device is still giving your certificate troubles and you think you've got everything configured correctly, check the certificate provider's support forum!  You may just find the fix you need.