Installing GoDaddy SSL Root Certificate on Windows Mobile 5

A few months ago, we migrated to Kerio MailServer at work and I’ve been absolutely in love with the fact that it natively supports Microsoft’s ActiveSync. This means I can sync my mail, contacts, calendar, and to-do lists directly to my WinMo5 based Palm Treo 700w over-the-air. The only complaint I’ve had, was that I’ve been doing it all via HTTP – yes, sans-SSL.

So, a few weeks ago, I set out to remedy the problem. I hopped around a few sites and did a little research and eventually decided to buy a two-year certificate from Go Daddy for $53 (I think). Getting it installed in Kerio was easy so then I tried changing ActiveSync on my Treo to use SSL. It failed. Miserably. Turns out, some of the reviews weren’t as accurate as I’d hoped and the new Go Daddy root certificate is not installed in Windows Mobile 5 by default as a trusted authority.

I searched and read and read some more to figure out how to do it. I found this slightly outdated knowledgebase article and started following the instructions. It didn’t work. In the process, I discovered that you can just copy the .cer file to the mobile device (I used an SD card) and open the .cer file from Explorer and you’re prompted to import it. Armed with this knowledge, I tried both the old “Valicert Root – DER Format” and the new “Go Daddy Class 2 Certification Authority Root Certificate – DER Format” with mixed results. One loaded and the other did not. However, I still couldn’t sync via SSL. A little bit more of my Google-fu and I found Go Daddy certs on certain phones by The SBS Diva. At the very bottom of her post is a jewel valicert_class2_root.zip.  It’s the binary versions of the Go Daddy root certificates. You can export these yourself from IE by following the instructions there if you don’t trust them. Otherwise, just download the zip file, extract the two files from the archive and get them copied over to your WinMo5 device somehow and execute them.

I can sleep a little easier tonight knowing my data is fully encrypted from my device back to the Kerio virtual machine.