First off, you need to know a few things to set this up.
(1) The FQDN of you company used to access the OWA (Outlook Web Access), for example, mail.mycompany.com/exchange
(2) The NetBIOS name of your local domain at your office (Right click the My Computer icon on your office pc and select Computer Name and note the Domain. If your IT dept did it the recomended way it'll have a .local extension, for instance, lawoffice.local. You'll use just the domain name without the extension, ie: lawoffice. (without the period, LOL)
(3) I absolutely never use my PC to configure my ActiveSync on my devices, just to initailly copy the certificate to the Storage Card.
Two ways to do the certificate. First is the method I always used until I discovered the second method, which is SO much easier.
(BTW, substitute YOUR FQDN for mine, duhh! :) )
First Method
(1) Install the certificate on your PC by going to the FQDN of your OWA in Internet Explorer 7 on your PC, not your PDA (XP is much easier, Vista is quite difficult to do this)
For example, open IE7 and put mail.mycompany.com/exchange in the address bar. You should initially get a "There is a problem with this website's security certificate" error, click on "Continue to this Website" Now, next to the address bar at the top you'll see Certificate Error", click it, View, Install, Next, Next, Finish, Yes. Then you'll see "The import was sucessful" <damn, that took a while!)
Close IE 7 completely and reopen it, put "mail.mydomain.com/exchange" in the address bar and you'll go straight to the OWA page, meaning that your import WAS sucessful, yipee!
(2) Click on Start, Run and type "mmc" and OK. This opens the Microsoft Management Console and you'll see Console1 at the top. File, Add/Remove Snap-In, Add, Certificates, Finish, Close, OK. Now expand Certificates, Trusted Root Certification Authorities, Certificates. Find YOUR certificate in the list. Right click, All Task, Export, Next, DER encoded binary, Next, File name. I use c:\mail.mydomain.com so that I can find it easily. Now finish and you'll get the Export was sucessful message.
(3) Connect to your PDA via ActiveSync as a guest, kill your partnership if it exists, you don't need it), copy the cert to your Storage Card and execute it from there.
Then, referring to Scott Yost's contribution on MSDB Blogs, SSLChainSaver v2 released download & install Windows Mobile SSLChainSaver
This will create a directory C:\Program Files\Microsoft SSL ?ChainSaver by default with no program group. I suggest installing to a easier to find folder as this will be run via a Command Prompt, I use D:\SSL myself.
Then I run a Command Prompt and change my Drive and Directory to that folder. (I'm sure that if you need this knowledge you already know how to navigate in a Dos windows)
There I type S and a tab (which, on an XP or Vista computer will autocomplete SSLChainSaver.exe. Type a space then the FQN of the server containing the cert, for instance, mail.mycompany.com. This will create a folder named mail.mycompany.com containing the cert, which we don't need. It will also create 2 files, mail.mycompany.com.wm5.xml and mail.mycompany.com.wm6.xml. Al my device are WM6.1 so I need the second one.
Rename the second file to _setup.xml.
The type makecab /d compress=off _setup.xml email.cab (or whatever you want to name the cab)
Copy the cab to your SC and input the necessary line into your SDConfig.txt if you use UC or simply run through File Explorer.
Configure Activesync
Now disconnect your PDA and open ActiveSync. Server address is the FQDN of your company without the /exchange, for example, mail.mycompany.com. Leave the check mark on the SSL. Next put your user name, password and the NetBIOS name of your domain. Then configure your options for the number of days to sync, etc.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0856EACB-4362-4B0D-8EDD-AAB15C5E04F5&displaylang=en