Certificate Placement on Treo 700 using SBS 2003 (Exchange 2003)
I run my own business and have Small Business Server 2003. I have Outlook configured and working fine but I get a certificate error when trying to synch my Treo 700 to my server.
Using the Certchk application in the past I could get around this for other smart phones and this is not supported for Windows Mobile 5.0.
I have a certificate for my server but don't know if I need to get this onto my Treo (and how is this done) or if I need to do something else to make this work.
Can anyone let me know what is going on and if someone has made their Small business or just Exchange work with their new Treo 700.
I guess has anyone synched their Exchange (virtually) with this phone and service yet?
You need to install the certificate from your exchange server on your 700w in order to successfully sync. Here are the steps to get it to work.
1 - On your computer open up your certificate. If you have it, then double click on it. If you don't, then you can get it easily by logging into exchange via the web access. Once you've logged in, just double click on the gold lock at the bottom and that will bring up your certificate.
2 - Convert the certificate into a "DER encoded binary X.509" (.cer) file. Windows Mobile 5 needs it in this form. To do this (once you've opened the certificate), go to the "Details" tab and click on the "Copy to file" button. Follow the steps in the wizard.
3 - Move the .cer file to your 700w. Using the file explorer on the 700w, click on the certificate to install it. Verizon has signed the certinst.exe file, so you shouldn't need any hack to get the certs installed. Just click and say "yes". You won't get any feedback that it was successful. Just go to Settings->Security->Certificates and verify that it is there under the root tab. (One note...you will need to do these steps for all the root certs of your certificate as well if there are any). Reboot and you're done.
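Added example, not part of the original post: the Windows export wizard offers both "DER encoded binary" and "Base-64 encoded" X.509 under the same .cer extension, so this Python sketch reports which flavour a file holds and normalises it to DER before it is copied to the device. The sample bytes are a constructed 5-byte stand-in with only the outer DER structure, not a real certificate, and the function names are illustrative.

```python
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in (SEQUENCE { INTEGER 5 }), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\nMAMCAQU=\n"
              b"-----END CERTIFICATE-----\n")

def der_total_length(data: bytes) -> int:
    """Size in bytes of the DER object that starts at data[0]."""
    if len(data) < 2 or data[0] != 0x30:   # every X.509 cert is a SEQUENCE
        raise ValueError("not a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                       # short form: one length byte
        return 2 + first
    n = first & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data: bytes) -> str:
    """Return 'base64', 'der' or 'unknown' for the contents of a .cer file."""
    if PEM_RE.search(data):
        return "base64"
    try:
        return "der" if der_total_length(data) == len(data) else "unknown"
    except ValueError:
        return "unknown"

def to_der(data: bytes) -> bytes:
    """Accept either export flavour and return the DER bytes."""
    m = PEM_RE.search(data)
    der = base64.b64decode(b"".join(m.group(1).split())) if m else data
    if der_total_length(der) != len(der):
        raise ValueError("truncated file or trailing bytes after certificate")
    return der

if __name__ == "__main__":
    print(classify(SAMPLE_PEM), "->", to_der(SAMPLE_PEM).hex())
```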
You fricken rock man. That worked perfectly. I mean flawlessly. I know lots of people on the MSFT site blogs and other Treo 700 sites looking to do this so I appreciate the clear post.
.....Let me know if you need anything from me ever.
One last thing: Do you know the way to check multiple e-mail accounts in the Mobile Exchange interface?
I have two separate accounts in Exchange (one for normal mail and one to manage and monitor our support alias) and would love to be able to toggle between the mailboxes in some way.
In Outlook this is achieved by assigning mailbox rights and allowing read/write access.
You guys seem to have it going on re this issue so quick question:
I have been NOT using an SSL certificate for my SBS mobile active sync connection -- works ok but I'm sure not so secure.
Any suggestions on the least expensive way to get a certificate (or can I use the SBS-created one that is used for my https://server.com/remote web connection)?
In other words, do I need to buy one?
Once I get the certificate how easy is it to install? (lbb1340 - you wouldn't consider giving me some tips would you?)
Last edited by jcrompton : 01-14-2006 at 12:31 AM.
You should be able to use the above instructions to install the cert that was created with the CA in SBS 2003. If you want to use a cert issued by a trusted CA, the cheapest I have found is at www.instantssl.com. Check it out.
FAQ or sticky this thread. It's about as important as it gets for those of us working on corporate implementation, and is a key to setting up this phone.
If not, at least I bumped it back up to where I won't have to look so hard to find it again!
Do the certificate files need to go into a particular place on the Treo? I copied my certificates to the device using the Explorer in ActiveSync. However, whenever I click on them, or on certinst.exe, it just opens the properties window.
I got certinst to be listed under the Programs menu, but when I click on it, it says "Invalid Certificate".
Last edited by Bruno-TCA : 01-24-2006 at 07:00 PM.
I got the certificate installed. I put the certificates into the Program folder, and then, on the device, I was able to click on them to install them. CertInst never worked.
Information here was wonderful but I still ran into troubles. It turns out (after many, many hours) that when I defined the domain in the "server settings" on the 700w, I had to leave the .com off. I don't know if this is the same for everyone else but it started the syncing direct with SBS Exchange server 2003 for me. What a relief. Life is good and I'm getting into setting the rest of it up now - very enjoyable. BTW, I threw the certificates on a memory card from my PC and clicked them in file explorer and they installed right away. You can see them in the root tab under settings.
The one given to me by my exchange admin the other from the OWA site.
One lists (the one given by the admin) the valid dates as 1.31.06 - 1.31.07
for Encrypting File System, Secure Email, and Client Authentication
The other site has the valid dates 8.9.04-8.9.06
for Server Authentication
both list that it is issued to our mail.companyname.com
I still receive the following error when I attempt to sync
"The security certificate is invalid. Contact your Exchange Server admin or ISP to install a valid cert on the server."
One last thing: Do you know the way to check multiple e-mail accounts in the Mobile Exchange interface?
I have two separate accounts in Exchange (one for normal mail and one to manage and monitor our support alias) and would love to be able to toggle between the mailboxes in some way.
In Outlook this is achieved by assigning mailbox rights and allowing read/write access.
How about forwarding one account to the other, having a rule to dump it into an inbox subfolder (make sure you're set to sync the subfolder)? This would take care of the reading part.
You could also use PIE and OMA to access your alternate mail account.
To use OMA just enter http://yourmailserver/oma
I'm not the Exchange expert but I will tell you what got it working for me. We're using an SBS version of Exchange. Going through the screen on the 700 Server Setup; server address: domainname.com, server requires an encrypted (SSL) connection: NOT checked. This one threw me but we called MS support handing over the credit card for the support event and we were told to not check that and because we're using ISA, it would be understood we're secure. User name: xxxxx (as you use for normal email), pwd: xxxxx (normal), Domain: domainname (without the .com), Save Password: Checked Yes. On the next screen, you can only do Contacts, Calendar and E-Mail. Not tasks. You can also configure the amount of messages etc.
As for certs, our IT guy created new ones and the expiration date on both is the same, 8/12/10. I put them on a SD card and clicked them (on the 700) and they installed. Both are self issued. One is simply domainname.com and the other is publishing.domainname.local. I believe the 2nd is for ISA but again, not the expert.
It's working quite well, especially after a hard reset from other problems apparently caused by voice commander. Good Luck.
I went through the config you describe here and it doesn't work for me. I get the error that my account has insignificant privileges to access my account.
[quote=whyareunvs]I still receive the following error when I attempt to sync
"The security certificate is invalid. Contact your Exchange Server admin or ISP to install a valid cert on the server."[/quote]
I kept getting the same error and ran out of time to play before the boss had to have it, so I gave in and used the Verizon wireless sync. It's working great, but I'd still like to get it working with Exchange. Maybe if I can get my hands on it again, I'll try the latest info.
Here's something which many posts don't tell you. Not only should you export/import the certificate from your exchange server, but you also need to do this for the entire certificate tree.
For example, if VeriSign issued you a cert the tree would be VeriSign root CA, then the cert they issued. Now you would think the 700w ships with an extensive set of trusted root CAs, but you would be wrong.
Hi everyone,
Thank you for good info. It has worked for me.
But I have one question. Everything works fine if I use "server.company.local" in the server address field. But it is not working if I use IP address instead of name and I need to access it using IP address.
Any ideas how to fix that? Sorry if it is a lame question, I am new in the certificate world.
Thank you
Certificates are registered by server DNS name, not by IP address. Since IP addresses can change (DHCP) certificates are processed by the server name, which doesn't change. Otherwise, there is a "name doesn't match" error in the verification process of the certificate.
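Added example, not part of the original thread: a Python sketch of the general name check a TLS client runs against the address typed into the server field, showing why "server.company.local" passes and an IP literal gives a name mismatch. The certificates are constructed dicts in the layout of Python's ssl.getpeercert(), the address 192.0.2.10 is a documentation placeholder, and this is the generic X.509 rule, not Windows Mobile 5's own code.

```python
import ipaddress

# Constructed samples: one cert names only the host, one also lists an IP.
CERT_NAME_ONLY = {"subject": ((("commonName", "server.company.local"),),)}
CERT_WITH_IP = {
    "subject": ((("commonName", "server.company.local"),),),
    "subjectAltName": (("DNS", "server.company.local"),
                       ("IP Address", "192.0.2.10")),
}

def dns_match(pattern: str, host: str) -> bool:
    """Case-insensitive; '*' may stand only for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_server_address(address: str, cert: dict):
    """Return (ok, reason) for the address entered in the sync settings."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal is compared only with iPAddress SAN entries,
        # never with DNS names or the subject commonName.
        listed = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in listed):
            return True, "matched IP Address entry"
        return False, "name doesn't match: certificate lists no such IP"
    names = [v for k, v in sans if k == "DNS"]
    if not names:
        # Older certificates carry the host name only in commonName.
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if any(dns_match(n, address) for n in names):
        return True, "matched DNS name"
    return False, "name doesn't match: certificate is for " + ", ".join(names)

if __name__ == "__main__":
    for addr in ("server.company.local", "192.0.2.10"):
        print(addr, check_server_address(addr, CERT_NAME_ONLY))
```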