Installing certificates on Windows Phone 7

When I first got my Windows Phone, I wasn’t able to sync with my Exchange 2010 server. This is because my SSL certificate is not one of the trusted root certificates that come with Windows Phone. This is a simple issue to fix.

When you install Exchange 2010, it uses a self-signed certificate by default to secure client communications (Outlook Web App, Outlook Anywhere or ActiveSync/EAS). It is a best practice to publish those services on the Internet with a certificate issued either by your own internal certification authority or by a public certification authority. In both cases, the client that connects to the server has to trust the authority that issued this certificate.

By default, Windows Phone 7 trusts root CAs from the following authorities: AOL, Comodo, DigiCert, GlobalSign, Keynectis, QuoVadis, RSA Security, SECOM Trust Systems, TWCA, TrustCenter, Trustwave and VeriSign. This list is valid at launch but may change over time. If you publish your client web services on the Internet with a certificate that comes from one of those authorities, it will be automatically trusted by Windows Phone 7 and you can proceed to the next section of this article.

The full list of root CAs trusted by default is available for download here: http://download.microsoft.com/download/9/3/5/93565816-AD4E-4448-B49B-457D07ABB991/Windows%20Phone%207%20Root%20Certificates_FINAL_121610.pdf

If, however, like most clients you use a certificate that has been issued by your own authority, you’ll have to add the root CA of this authority to the list of trusted certification authorities on your device. To do so, one method is to send the certificate of the CA to a public email address (like Hotmail) and synchronize this mailbox with your device.

Then on the phone, you can access the CER file as an attachment. Simply tap it once to download, then tap it again to open it. A dialog will ask you if you want to install the security certificate. Install it and then reboot your phone. You should then be ok to sync with Exchange.
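
Because the CA certificate passes through a public mailbox before it becomes a trust anchor on the phone, you can compare the thumbprint of the attachment with the one shown on the CA itself before installing it. The script below is an added example, not part of the original article: it uses only the Python standard library, is meant to run on a computer against a copy of the CER file saved from the mailbox, and its sample bytes are constructed filler rather than a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cer_to_der(data: bytes) -> bytes:
    """Return the DER bytes of a .cer file, which may be DER or Base64 (PEM)."""
    m = PEM_RE.search(data)
    der = base64.b64decode(m.group(1)) if m else data
    # A certificate is one DER SEQUENCE: tag 0x30, then a length that must
    # cover the buffer exactly. Anything else is truncated or has extra bytes.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if der[1] < 0x80:                      # short-form length
        hdr, body = 2, der[1]
    else:                                  # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length")
        hdr, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + body != len(der):
        raise ValueError("truncated file or trailing data")
    return der


def thumbprint(data: bytes, algo: str = "sha1") -> str:
    """Hex digest of the DER bytes; SHA-1 is what Windows shows as Thumbprint."""
    return hashlib.new(algo, cer_to_der(data)).hexdigest().upper()


def matches(data: bytes, expected: str, algo: str = "sha1") -> bool:
    """Compare the file against a thumbprint pasted from the CA's own console."""
    # Drop spaces, colons and invisible characters picked up by copy and paste.
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    return thumbprint(data, algo) == want


# Constructed sample: a DER SEQUENCE around filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(thumbprint(SAMPLE_DER), thumbprint(SAMPLE_PEM))
```

The DER and Base64 exports of the same certificate give the same thumbprint, so the check works whichever format the CA administrator chose when exporting.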
