Really Quick Exchange Server 2003 self signed certificate and how to deploy to windows device recipe



So certificates are lame, and who wants to pay for them? So what if you want to create a self-signed certificate and then use it on a mobile device? Here are the steps.

Download the IIS 6.0 Resource Kit Tools.

Run the Selfssl.exe program with something like selfssl /T /

(Note should be the external server address that your mobile clients connect to)

(/V:9999 = 9,999 days before expiration)

For my purposes I didn't want to switch to full SSL right now, so I didn't select the Exchange server setting to always require SSL.

To test point your browser using ssl point to

You should get a warning that you have an untrusted cert there. Click View Certificate and then click Install Certificate (this will be useful for setting up the mobile).

Ok, now on to the mobile. This post explains it very well

But I will summarize.

Create basic xml file with

<wap-provisioningdoc>
<characteristic type="CertificateStore">
<characteristic type="ROOT">
<characteristic type="thumbprint of certificate">
<parm name="EncodedCertificate" value="certificate hash"/>
</characteristic></characteristic></characteristic>
</wap-provisioningdoc>

Open Internet Explorer and go to Tools, Internet Options, Content, Certificates, then the Trusted Root Certification Authorities tab. Find your cert (it will be the server name you assigned above).

Double-click it, go to the Details tab, and scroll down to Thumbprint. Copy the thumbprint and use it to replace "thumbprint of certificate" in the above XML file, removing all spaces.

Hit OK, and then on the trusted root certification authorities tab select your cert and then click export. Choose Base-64 encoded X.509 (.CER)

Open up a new copy of notepad and drag the exported .cer file into it.

Copy everything between the
and paste it into the file created in part one, into the line with EncodedCertificate, replacing the entry "certificate hash".

Save your xml file as _setup.xml (IT MUST BE _setup.xml) or no worky

Drop to the command prompt (Windows XP) and run the command makecab _setup.xml

(you can now rename to something easier to type or remember)

Copy it to some external webserver.

Now to install on your mobile device have them browse to

For an iPhone, use the previous export command to get a .cer, copy it to some externally accessible webserver, and then have your iPhone users point their device to and install it when asked.

NOTE: Rename the .cer to .crt so that Safari will recognize it as a certificate.
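
The _setup.xml steps above for the Windows device can be cross-checked with a short script. This is an added example, not part of the original post: it builds the file content from an exported Base-64 .cer and computes the thumbprint itself (the SHA-1 hash of the decoded certificate bytes), so a mistyped thumbprint or the wrong certificate is caught before the file reaches any device. The function names are hypothetical, and the sample input is constructed stand-in bytes rather than a real certificate.

```python
import base64
import hashlib
import re
from xml.sax.saxutils import quoteattr

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate; a real run reads the exported .cer.
SAMPLE_DER = b"constructed stand-in bytes, not a real certificate; " * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")


def pem_body(pem_text):
    """Return the Base-64 text between the PEM markers, with line breaks removed."""
    match = PEM_RE.search(pem_text)
    if match is None:
        raise ValueError("no Base-64 certificate block found; export as Base-64 X.509")
    return "".join(match.group(1).split())


def thumbprint(b64_body):
    """SHA-1 over the decoded (DER) bytes: the value the Thumbprint field shows."""
    der = base64.b64decode(b64_body, validate=True)
    return hashlib.sha1(der).hexdigest()


def build_setup_xml(pem_text, expected_thumbprint=None):
    """Build _setup.xml content; refuse if the thumbprint read from the dialog differs."""
    body = pem_body(pem_text)
    actual = thumbprint(body)
    if expected_thumbprint is not None:
        # Drop spaces and any other non-hex characters picked up when copying.
        wanted = re.sub(r"[^0-9a-fA-F]", "", expected_thumbprint).lower()
        if wanted != actual:
            raise ValueError("thumbprint mismatch: got %s, expected %s" % (actual, wanted))
    return ("<wap-provisioningdoc>\n"
            '  <characteristic type="CertificateStore">\n'
            '    <characteristic type="ROOT">\n'
            "      <characteristic type=%s>\n"
            '        <parm name="EncodedCertificate" value=%s/>\n'
            "      </characteristic>\n"
            "    </characteristic>\n"
            "  </characteristic>\n"
            "</wap-provisioningdoc>\n") % (quoteattr(actual), quoteattr(body))


if __name__ == "__main__":
    print(build_setup_xml(SAMPLE_PEM))
```

Passing the thumbprint copied from the certificate dialog as expected_thumbprint makes the script fail if the exported file is not the certificate you inspected.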

