Skip navigation

Monthly Archives: November 2007

I was just looking through some old notes on how to set up Windows Mobile Devices for Direct Push

(Calendar, Tasks, Contacts and Email!!!) with a self signed SSL certificate (you can’t just install

the 64bit .cer file as it won’t allow the file type).

Anyway, thought I’d publish the solution here….
Note: this only works on Windows Mobile 5 and above – not WM 2003 🙁
I’ll assume here that people know how to create the SSL certificate (if not theres a good guide

at http://www.petri.co.il/install_windows_server_2003_ca.htm)
Next download the SSLChainsaver tool to the root of your C: drive
http://blogs.msdn.com/windowsmobile/archive/2006/08/11/sslchainsaver.aspx
Follow the instructions on the page to pull a copy of the root and leaf certificates, then

export the ROOT certificate in Base-64 encoded format.
Open the certificate from a command prompt using the line:
C:Type rootcert.cer
Which will output the hash of the certificate, which will look like:
C:>type rootcert.cer
—–BEGIN CERTIFICATE—–
MIIEYzCCA0ugAwIBAgIQG4HnhkoEsahFnmBPR65JWjANBgkqhkiG9w0BAQUFADA9

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

A1UEAxMHYmhzcnYwMjAeFw0wNTEwMDMxNzA3NTRaFw0xMDEwMDMxNzE1MjFaMD0x

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

VQQDEwdiaHNydjAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GTQ

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

N2RtoT4HcNUHYyDTlLrydD4tCOq21o4cNHRk67UsRGRHjZz/BI1YsdOXl1rakOva

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

COsC4ULQDytkuw9gCifqiCyxnT0k7+zkIgNxF4ncFdbnESLm3Bw2wCBz1G/MtUwY

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

2AiOz+jgGeYKv9jD8wIDAQABo4IBXTCCAVkwEwYJKwYBBAGCNxQCBAYeBABDAEEw

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

5a5dW4PRqcsXEAMtMIHyBgNVHR8EgeowgecwgeSggeGggd6GgatsZGFwOi8vL0NO

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

dmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1iaCxEQz1sb2Nh

bD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JM

RGlzdHJpYnV0aW9uUG9pbnSGLmh0dHA6Ly9iaHNydjAyLmJoLmxvY2FsL0NlcnRF

bnJvbGwvYmhzcnYwMi5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF

BQADggEBAEGdXuUfA7kvCxLLOI+W3+Nbz7lENOZF59cNVaQJ5HwjIGtLhw2tv2c0

SibjlB68ecuyuD6K4gYLVlhZrLelDKqGYsV3uF+Q4293+t2S+D3cMXW/gPAYeBU2

Ld+P6dm4tjmzcSC/Xpi3mQpw8kQF93rEEkApbP4LOXh/X5LpyZ2iS15RTMMomxvL

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ILk4wkjERNGgRRl5eOF3QZ/hMWRu1UMb1C6mrcxs4pBW1qyOJQNJB+Y3eHuWCzfw

oZMi16R2/MCkY6xCqvDRj302UKLHUbU=
—–END CERTIFICATE—–
Create a new file in notepad using the following template and call it _setup.xml, then paste the cert above into the section as below.

Then open your root certificate, look at the thumbprint of the certificate and copy that into the characteristic type section (highlighted in red above, without the spaces). My Thumbprint looked like 963688b77d91307e0164661f9550e2a2

Finally, all you need to do is make the .xml file into a cab file for installation into the Windows Mobile Device using the command line makecab (which ships is %systemroot%system32 with windows

Makecab _setup.xml rootcert.cab

Copy this to your Windows Mobile device with Activesync, then run.

You should now have an appropriate certificate to allow you to use Direct Push Email

through Exchange Activesync…..

Hoorah!!