When you are connecting a Windows Phone device to an Exchange server using ActiveSync for the first time you may encounter the following error:
There is a problem with the certificate for mail.exchangeserverpro.net. Contact a support person or your service provider.
Error code: 80072F0D
This error can occur when the root certificate authority that generated the SSL certificate being used by the Exchange server is not trusted by the Windows Phone device.
This will commonly occur with Exchange servers that are still configured to use a self-signed certificate, or that have a certificate issued from a private CA.
There are a basically two ways to resolve this issue.
Install an SSL Certificate from a Trusted Certificate Authority
If you install an SSL certificate from a certificate authority that is already trusted by the Windows Phone device you will avoid this error when you’re configuring the device for ActiveSync. You’ll also avoid certificate related errors for other service such as Outlook Web App and AutoDiscover.
I generally go with Digicert for Exchange SSL certificates, however you can choose another provider if you wish. Microsoft has published this list of certificate authorities that are trusted by Windows Phone (PDF).
Install the Root Certificate on the Windows Phone Device
If you can’t, or won’t, acquire an SSL certificate from a trusted CA then you can also install the root certificate onto your Windows Phone device so that SSL certificates from that CA will work.
This is fine for test lab or training scenarios but I do not recommend it for production environments.
If you’ve used a private CA to issue your certificate you can download the root certificate from the web enrolment page on the CA.
Download the CA certificate in DER format to your computer.
Next you need to get the certificate onto the Windows Phone device. You can do this in two ways:
- Host the certificate file on a website and browse to the URL from the Windows Phone device
- Email the certificate file to a service such as Gmail or Hotmail and download it to the Windows Phone device
You can either access the email service via it’s web interface, or set it up in the Windows Phone Outlook client to download the email to the device.
When you open the certificate file from the web server or email the device should prompt you to install it.
After the root certificate is installed you should be able to successfully connect to the Exchange server using ActiveSync without any SSL errors.