D'Arcy from Winnipeg
Solution Architecture, Business & Entrepreneurship, Microsoft, and Adoption

WP7–Outlook, Exchange, and Custom Certificate Woes

Wednesday, April 27, 2011 12:53 AM

I haven’t been able to get my work email syncing with my Samsung Focus since I started the new gig due to some certificate issues. When I try to connect, I’m just told there’s a problem with the certificate.

The real underlying issue is that the certificate for my work email isn’t installed on my WP7 device. Unfortunately, this ends up being a manual task that you have to perform, but its not a difficult one once you know what to do.

Jerome Laban’s blog post talks about the root cause of the issue:

Depending on which corporation you work for, you may have to connect to your exchange server using a self-signed server certificate to be used with HTTPS protocol (using either TLS or SSL).

If you're unlucky enough to be in this situation, but are using a modern browser, you can install the certificate in either your windows certificate store, or using your browser's store. You can do that using this lengthy technique for IE8.

But if you're on a Windows Phone 7, if you try to connect to your exchange account, you'll get a nice message telling you that there is a problem with the server certificate. Well, neither Internet Explorer or the bundled Exchange tools give you the ability to install that custom certificate. And there is no access to the file system either.

Luckily, you can email your certificate on your GMail account for instance, and the WP7 mail client has the ability to install certificates !

He goes on to reference some Stack Overflow posts that contain lengthy steps, none of which I had to go through. He does have a great point about how you need the entire certificate tree to make this work.

Now, how to get your certificates. In my situation, my work offers an Outlook Web Access interface for viewing mail (pretty common). Once I go there, I click on the little lock icon (note that I’m using IE9, this might be different depending on your browser). This brings up a little info window, and there’s a link at the bottom labeled “View Certificates”. Click it.

image

This brings up another dialogue with info about the certificate. There’s an option here to “Install Certificate”. Click it.

image

This will bring up the install wizard. Go through it and install the certificate locally.

image

Remember that part about needing to install all certificates in the tree? Well if you click on Certification Path, you’ll see all the certificates in the tree. This is important for later.

image

Now in your browser, go to your menu and find Internet Options. In IE go to the Content tab and click the Certificates button.

image

This brings up the certificate screen. I searched through the tabs until I found the certificates that matched the ones I saw in the certification tree earlier. Once you find them, select them and click Export.

image

This will start up a wizard for exporting. Select the default Der Encoded Binary (.cer) option, and save the certificate locally somewhere.

Once you’ve exported them, get them on to your WP7. Easiest way I found was to email them to myself through Gmail. Once I had the email with the attachments on my phone, I just clicked on the icon and WP7 guided me through installing the certificates.

Once I had them installed, I was able to get my Exchange-based email working!

Bit of a pain to go through all this, but definitely worth it to get my calendar, contacts, and email all synched up to my device without having to browse to OWA.

Hope this helps!

D




Feedback

# re: WP7–Outlook, Exchange, and Custom Certificate Woes

Thanks for the info, this was really helpful. On my browser (IE9 on Win7) I did have to export the certificate as p7b format to be able to include the certificate chain. After that everything worked on first try on my Windows Mange phone.
11/15/2011 1:54 PM | Finnur Hrafn Jónsson

# re: WP7–Outlook, Exchange, and Custom Certificate Woes

You made my day!
In my case, i did have to export the certificate as p7b format to be able to include the certificate chain, too. 2/29/2012 10:53 AM | Daniel Martins

Post a comment