I had to replace my XV6700 and of course, it was a new version of WM5 and I did not want to use my backup from Sprite Backup to restore so I had to install from scratch. Unfortunately, I forgot to save my certificates and had issues syncing with ActiveSync.

My configuration is an Exchange 2003 server behind a Linux firewall and an Apache 2.2 front end to Exchange. I’m connecting using https on my XV6700 but when trying to sync with the server, I kept encountering “The security certificate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server. Support Code: 80072f0d”.

I know my certificate was valid because I generated it myself! It turns out that was the problem – I was not a trusted root authority. Sigh. But that is easily remedied!

To resolve this problem all I needed to do was install my self-created CA signing certificate on the Pocket PC / XV6700. Since I created it on my Linux server, I had to convert it into a form the WM5 understands, in this case a DER encoded binary X.509 certificate. This could be done by importing it into Internet Explorer and then exporting in that format or in a simpler one-step process from the command line:

openssl x509 -in ca.crt -out ca.cer -outform DER

Now, just copy the ca.cer file to the PPC and open it in File Explorer. It will ask you if I want to install the certificate issued by . Clicking yes will import the certificate (that can be view in the Certificates control panel under the Root tab).

Once installed, ActiveSync no longer complains about the certificate and merrily performs it job.

Whew. Easy solution but it certainly took a while to recall!