Export (0) Print
Expand All
Expand Minimize

Windows Mobile Root Certificates

 

Topic Last Modified: 2009-09-01

The Microsoft Exchange Analyzer Tool queries the Server Certificate object in the Exchange Server system to retrieve various properties on X509 certificates. In order for the Exchange Remote Connectivity Analyzer to validate a given X509 certificate, it must trust the root Certificate Authority (CA) that issued the certificate. If the Exchange Remote Connectivity Analyzer is unable to follow the certificate chain to the trusted root, then it displays the following error.

"The security certificate on the server is not valid. Support code: 0x80072f0d."

This issue typically occurs when the Web server certificate on the Exchange 2007 Client Access server is a self-signed certificate or one created using a private or internal PKI. If you are using a self-signed or a certificate from an internal PKI, then you must install the root certificate on the mobile device. If you have already done this step, then you can choose the "Ignore Trust for SSL" option in the Exchange Remote Connectivity Analyzer to bypass this check.

This issue can also occur when the certificate chain of your certificate does not end in a root certificate that is trusted on your version of Windows Mobile.

The following table shows which root certificates from public certificate authorities ship with each version of Windows Mobile.

 

Certificate Authority 5.0 5.0 + MSFP 6.0

Thawte Server CA

Yes

Yes

Yes

Thawte Premium Server CA

Yes

Yes

Yes

GTE CyberTrust Root

Yes

Yes

Yes

GTE CyberTrust Global Root

Yes

Yes

Yes

Secure Server Certification Authority (RSA)

Yes

Yes

Yes

GlobalSign Root CA

Yes

Yes

Yes

Entrust.net Secure Server Certification Authority

Yes

Yes

Yes

Entrust.net Certification Authority (2048)

Yes

Yes

Yes

Verisign Class 3 Public Primary Certification Authority

Yes

Yes

Yes

Verisign Class 2 Public Primary Certification Authority

Yes

Yes

Yes

Equifax Secure Certificate Authority

Yes

Yes

Yes

ValiCert Class 2 Policy Validation Authority

No

Yes

Yes

AAA Certificate Services (Comodo CA Limited)

No

No

Yes

AddTrust External CA Root

No

No

Yes

Baltimore CyberTrust Root

No

No

Yes

Go Daddy Class 2 Certification Authority

No

No

Yes

Starfield Class 2 Certification Authority

No

No

Yes

noteNote:
Some of the Certificate Authorities mentioned have CA certificates that are signed by another Certificate Authority. Though some root certificates are not trusted on older versions of Windows Mobile, this does not mean that the certificates issued from a given company do not chain up to a trusted root on that Windows Mobile version. You should contact your Certificate Authority if you have questions about which root certificates your certificate can chain to.

To learn more about certificates and validation, see to the following topics.

The Exchange Remote Connectivity Analyzer is a new tool with limited documentation at this time. In an effort to improve the documentation for each of the errors you might receive, we would like to solicit additional information from the community. Please use the Community Content section below to post additional reasons why you failed at this point.  If you need technical assistance, please create a post in the appropriate Exchange TechNet forum or contact support.

 
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft