Installing an SSL certificate on your windows mobile device for Exchange 2k7

Motorola Q Phone

Exchange 2k7 requires a secure SSL connection. Here are the procedures for installing the SSL certificate for your mobile devices. You may be using your own self signed certificate or you may have purchased one. If you have your .cer file, move on to the installation section, if not here’s what to do.

Get your .cer file.

From the server

You will need to log into your Exchange server and start the IIS MMC, once in MMC right-click the default website and choose properties, click on the “Directory Security” tab and choose view certificate. On the certificate properties, click the “Details” tab then the “Copy to file” button. Follow the wizard to get your .cer file.

If you get a message stating “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store”, then you need to install you cert in the trusted root store through the domain security policy MMC. Import the .cer file under “Public Key Policies” >> “Trusted Root Certificate Authorities.”

From Outlook web access

Go to your OWA site.

Click on the little lock icon on the bottom of IE 6 or to the right of the address bar in IE 7.

Click view certificate.

Click the details tab.

Click copy to file and select the defaults.


Your cert must be a valid root cert for this to work,

Locked Smartphones cannot use Microsoft’s AddCert.exe installer. Vendors who lock their phones must create their own signed utility to allow this.


Verizon locks their phones so that you must use their certificate installer in place of the adcert.exe provided by Microsoft. If you see a message that says file adcert.exe cannot be opened because it is not signed, then you need to use Verizon’s or your phone vendors installer.

On Verizon devices, you MUST place the certificates in a folder called “storage”. The utility will only search for certificates in the /storage directory.

Verizon certificate installation utility (VZW_SpAddCert.exe)


Add Root Certificate Utility for Sprint Smartphones ( SPCS_signed_SpAddCert.exe)

Add Root Certficate Utility for Sprint iDEN Windows Mobile 2003 Smartphone (SprintIden-Signed-SpAddCert.exe)

For Motorola Q

Follow the Microsoft instructions in the URL below under the “How to install root certificates” section. This method requires that you use the provided application to install the cert. The instructions are under the section labeled “If the security policy on the Windows Mobile-based device prevents the built-in certificate installer from working, try the following steps to install the certificate”

Microsoft Instructions CLICK HERE

Samsung Blackjack

The Samsung blackjack and some other mobile devices only allow direct installation of the cert, you cannot use the provided program from Microsoft. Once the .cer file is uploaded to the phone’s file system, you only need to click on it to install.
This procedure is described in the section labeled “When you are granted a device manager role on a Windows Mobile-based device, you can install a root certificate file by using the built-in certificate installer. To use the built-in certificate installer, follow these steps.”

Check out this post for installing the SSL cert on the Iphone

Be Sociable, Share!


  • Frederick Technology says:

    I kept getting that “This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store” message but I added it to the “Trusted Root Certificate Authorities” and now it works.

    Thanks for this.

  • Tekno says:

    I got this working on multiple devices per you instructions.

    I had to install the certificate authority server.

Leave a Reply

Your email address will not be published. Required fields are marked *