ActiveSync doesn't use SSL!

I'd prefer to be able to connect to my exchange server using an SSL certificate rather than an insecure connection. Is there any easy way to achieve this?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Activesync DOES use SSL unless you've disabled it with the disable cert check utility, or if you haven't configured your server fully by running the Configure Email and Internet Connection Wizard.

For the best overview on SBS & Mobile Synching see

DReade83Author Commented:
I've re-run the wizard and tried reconfiguring the Smartphone to use an SSL connection, but I'm getting:

"You cannot log on to Microsoft Exchange Server because the security certificate on the server is not valid or expired."

Any ideas?
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Here's the Troubleshooting guide:

You will most likely need to follow this KB article though... even if your device is Pocket PC 2003 instead of 2002:

There are some Windows Mobile devices that will only work with a true security certificate from an outside authority vs. a self-signed certificate which is what you have by default.  They simply won't let you install a certificate that is self-signed.

This is usually a device configuration issue, not an Exchange/SBS issue.

If you need an full cert you can get one now for next to nothing so it just makes sense to install  one onto the SBS server no matter what.

No matter what though you have to have installed the certificate (self-signed or otherwise) onto the mobile device prior to connecting activesync via ssl.

Matt Ridings
MSR Consulting

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
DReade83Author Commented:
It turns out I would have to buy one, not something I'm really fussed about. I've installed Certification Services on my server but that doesn't make any difference; it needs to come from a trusted CA like VeriSign.

Thanks to both.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.