Recipe8.17.Disabling Exchange ActiveSync Certificate Checking

Recipe 8.17. Disabling Exchange ActiveSync Certificate Checking

Problem

You want to disable ActiveSync's certificate checking on a Windows Mobile device.

Solution

Using a command-line interface

1. Download the Exchange Server Disable Certificate Verification utility (DisableCertChk.exe) from the Microsoft Download Center.

2. Execute DisableCertChk.exe; choose the folder where you want the certchk utility to be stored.

3. Connect the Windows Mobile device to the computer.

4. Use the certchk utility with the appropriate switch (either on or off). To turn off certificate checking, use the following command:

   > certchk off

   
   

Discussion

For setup and troubleshooting purposes, it can be useful to temporarily disable your Windows Mobile device's verification of certificates against its list of trusted sources. This allows you to use untrusted certificates that you've created internally, or procured from sources other than the large commercial services, without individually adding the root certificate to the device. SSL encryption is still used for communications between the device and the Exchange server, but error messages will not be generated. Once you're finished testing and configuring your environment, you can either upgrade to a trusted commercial certificate or add the server's private root certificate to your Windows Mobile device.

See Also

Recipe 8.18 for installing a root certificate for use with Exchange ActiveSync and MS Download Center Disable Certificate Verification Utility (DisableCertChk.exe) download at:

http://www.microsoft.com/downloads/details.aspx?familyid=d88753b8-8b3a-4f1d-8e94-530a67614df1