Direct Push on Windows Mobile using Self Signed SSL
I was just looking through some old notes on how to set up Windows Mobile Devices for Direct Push
(Calendar, Tasks, Contacts and Email!!!) with a self signed SSL certificate (you can’t just install
the 64bit .cer file as it won’t allow the file type).
Anyway, thought I’d publish the solution here….
Note: this only works on Windows Mobile 5 and above – not WM 2003 
I’ll assume here that people know how to create the SSL certificate (if not theres a good guide
at http://www.petri.co.il/install_windows_server_2003_ca.htm)
Next download the SSLChainsaver tool to the root of your C: drive
http://blogs.msdn.com/windowsmobile/archive/2006/08/11/sslchainsaver.aspx
Follow the instructions on the page to pull a copy of the root and leaf certificates, then
export the ROOT certificate in Base-64 encoded format.
Open the certificate from a command prompt using the line:
C:\Type rootcert.cer
Which will output the hash of the certificate, which will look like:
C:\>type rootcert.cer
—–BEGIN CERTIFICATE—–
MIIEYzCCA0ugAwIBAgIQG4HnhkoEsahFnmBPR65JWjANBgkqhkiG9w0BAQUFADA9
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
A1UEAxMHYmhzcnYwMjAeFw0wNTEwMDMxNzA3NTRaFw0xMDEwMDMxNzE1MjFaMD0x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
VQQDEwdiaHNydjAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GTQ
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
N2RtoT4HcNUHYyDTlLrydD4tCOq21o4cNHRk67UsRGRHjZz/BI1YsdOXl1rakOva
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
COsC4ULQDytkuw9gCifqiCyxnT0k7+zkIgNxF4ncFdbnESLm3Bw2wCBz1G/MtUwY
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
2AiOz+jgGeYKv9jD8wIDAQABo4IBXTCCAVkwEwYJKwYBBAGCNxQCBAYeBABDAEEw
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
5a5dW4PRqcsXEAMtMIHyBgNVHR8EgeowgecwgeSggeGggd6GgatsZGFwOi8vL0NO
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1iaCxEQz1sb2Nh
bD9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2U/b2JqZWN0Q2xhc3M9Y1JM
RGlzdHJpYnV0aW9uUG9pbnSGLmh0dHA6Ly9iaHNydjAyLmJoLmxvY2FsL0NlcnRF
bnJvbGwvYmhzcnYwMi5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQEF
BQADggEBAEGdXuUfA7kvCxLLOI+W3+Nbz7lENOZF59cNVaQJ5HwjIGtLhw2tv2c0
SibjlB68ecuyuD6K4gYLVlhZrLelDKqGYsV3uF+Q4293+t2S+D3cMXW/gPAYeBU2
Ld+P6dm4tjmzcSC/Xpi3mQpw8kQF93rEEkApbP4LOXh/X5LpyZ2iS15RTMMomxvL
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ILk4wkjERNGgRRl5eOF3QZ/hMWRu1UMb1C6mrcxs4pBW1qyOJQNJB+Y3eHuWCzfw
oZMi16R2/MCkY6xCqvDRj302UKLHUbU=
—–END CERTIFICATE—–
Create a new file in notepad using the following template and call it _setup.xml, then paste the cert above into the section as below.
Then open your root certificate, look at the thumbprint of the certificate and copy that into the characteristic type section (highlighted in red above, without the spaces). My Thumbprint looked like 963688b77d91307e0164661f9550e2a2
Finally, all you need to do is make the .xml file into a cab file for installation into the Windows Mobile Device using the command line makecab (which ships is %systemroot%\system32 with windows
Makecab _setup.xml rootcert.cab
Copy this to your Windows Mobile device with Activesync, then run.
You should now have an appropriate certificate to allow you to use Direct Push Email
through Exchange Activesync…..
Hoorah!!
Leave a Reply