I was able to add my own certificate to my c600 by changing the value of following registry entry on the device:

HKLM\Security\Policies\Policies\00001017          from 128 to 144.

I also changed  00001001 to 1  and  00001005 to 40  but i dont think that helped.

Restart the device.

Export the desired certificate as a binary encoded (DER) certificate (.cer).

Copy the .cer file to the device.

Open the .cer file on the device via file explorer.
So I now have the certificate listed in the root certificate list, but when I use ActivSync with my exchange server I get an error that says "The security certifcate on the server is invalid. Contact your Exchange Server administrator or ISP to install a valid certificate on the server."

Great    Any ideas? Certificates are def. listed

Ok the thing you have to be carefull with is that the exported root cert "issued to" name matches the name of the address (url) you are trying to connect to with the SPV c600, using GPRS.

In my case i am using a dynamic IP (I dont use a domain name) so the root cert "issued to" name name has to be my external IP.

If you are connecting to "your_external_domain.com" but the certificate you created on your CA server and then copied to your SPV has the "issued to" name as "internal_domain.com" the connection will fail.

You must also make sure the the Exhchange Web components on IIS are using the same Cert to provide an SSL connection. Again in my case the SSL certficate is installed under the "Default web site" in IIS as this is where the Exchange web components are installed.

Hope this helps !! 

Thanks - that's helpful. So the "issued to" name is just the IP address if you are using dynamic IP?

That's correct let me know if have any further questions 

I forwarded the request for changing the "Issued To" name to our tech person, plus a suggestion from MoDaCo which advised us to "Export the root certificate from the Certificate Authority in your domain (in DER format)"

Our tech person came back to me with the following problem: "Unfortunately, we require a certificate of authority which our server is not configured with.  The certificate from exchange can not be exported into a *.der format. "

Does that make sense? Any advice?

Thanks! 

Thanks for this - I'm probably doing some of the steps wrong - I'll have another go.

I don't think this could be an issue with my device - I think it is a WM5 issue so hopefully if it works on your QTeks then it should work on my MDA Vario (which is a Qtek 9100).

Btw - Did you have a look at the version of regedit that I attached?

I have the Tmobile Dash - I can't add my own certificate as described here, but I can't make any changes to the Registry either. Apparently Tmo has the registry locked down.

Anybody run into this? Regedit doesn't work - and either does RAPI.

Everytime I try to change a value in the registry, it is it can't do it. I even tried renaming and creating, but it seems like it is a read only register file.

I can't get to my exchange server. No fun!

I have the Tmobile Dash - I can't add my own certificate as described here, but I can't make any changes to the Registry either. Apparently Tmo has the registry locked down.

Anybody run into this? Regedit doesn't work - and either does RAPI.

Everytime I try to change a value in the registry, it is it can't do it. I even tried renaming and creating, but it seems like it is a read only register file.

I can't get to my exchange server. No fun!

1. Go to http://www.modaco.com/INFO_Decert_SIM_Unlo...50-t222786.html.
2. Download the HTC-signed "regeditSTG.zip" and move it to your smartphone.
IMPORTANT: Put it on the phone, not on a memory card - this was my first
sticking point.
3. Extract the zip file using Explorer on the device (if it's a WM5 device).
4. Run the Regedit exe and follow the instructions on the page above for
registry changes to make. It was also suggested by a Microsofty a few posts
down to change 00001017 (4119) to 144 (in the same part of the registry),
although I'm not sure what each entry does. I did all three. :-)
5. Download SDA_ApplicationUnlock.exe from
http://www.modaco.com/Motorola_MPx220_and_...0_app_locked...,
connect the device, run this app, click "Unlock" or whatever, then restart
the device.
6. Export the root certificate from the Certificate Authority in your domain
(in DER format), copy it to the phone (again NOT the memory card) and simply
run it from Explorer. Bob's yer uncle.