I have posted about this issue in the past, but it has cropped up a number of times recently so I thought it was worth an update. Windows Phone, as with Windows Mobile before it, does not allow Exchange ActiveSync email accounts to be configured on the device if the SSL certificate assigned to the Exchange server is not trusted by the device. This applies to self-signed SSL certificates as well as to root-trusted certificates for which Windows Phone does not have an up-to-date list of root certificates. The device will return an error code along the lines of 80072F0D.
The solution is to install the corresponding root certificate onto the Windows Phone device manually before setting up the email account.
Fortunately Microsoft have a free tool that makes locating and exporting the appropriate root certificate quick and easy: the SSL Chain Saver tool, available as a download.
By default, the tool installs to "C:\Program Files\Microsoft SSL Chainsaver".
Open a Command Prompt and change to this directory.
Run the following command:
sslchainsaver [name of Exchange server]
Now open My Computer and navigate to the Program Files folder. A folder named after your Exchange server will have been created within the Microsoft SSL Chainsaver directory. It contains the root certificate "root.cer". If intermediate certificates are also required, these will be listed as well.
(NOTE: if using a self-issued SSL certificate, this tool should be run on the local network from a machine with access to the Exchange server and the Certificate Authority.)
The root certificate (and intermediate certificates) can now be installed onto the Windows Phone device. This can be done by placing the certificate file onto a web server and entering the URL to the file within the browser on the Windows Phone device itself, or by creating an alternate email account on the Windows Phone device (such as a Hotmail account) and emailing the file to that email address.
By opening the link in the browser, or opening the email attachment, the Windows Phone device will prompt you to install the certificate automatically.
Once the certificate has been installed, power the Windows Phone device off and on again. Once rebooted you should now be able to configure the email account successfully.
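Before the exported root.cer is placed on a web server or emailed, it can be checked on the PC. The PowerShell below is an added example, not part of the original post or of the SSL Chain Saver tool; the function name Test-RootCertificate and the -Path parameter are assumptions made for illustration.

```powershell
# Added example: inspect an exported root certificate before sending it to a phone.
# Usage (assumed script name): .\Check-Root.ps1 -Path '<folder created by the tool>\root.cer'
param([Parameter(Mandatory)][string]$Path)

function Test-RootCertificate {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $problems = @()

    # A root certificate is self-issued: its subject and issuer names are identical.
    if ($Cert.Subject -ne $Cert.Issuer) {
        $problems += 'Subject and issuer differ, so this is not a root certificate.'
    }

    # Basic Constraints (OID 2.5.29.19) must mark the certificate as a CA.
    $bc = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        $problems += 'Basic Constraints does not mark this certificate as a CA.'
    }

    # A root outside its validity period cannot validate the server certificate.
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += "Outside validity period ($($Cert.NotBefore) to $($Cert.NotAfter))."
    }

    # Only the public certificate belongs on a web server or in an email.
    if ($Cert.HasPrivateKey) {
        $problems += 'File contains a private key; export the public certificate only.'
    }
    $problems
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path

# Fingerprints are computed over the DER bytes, so they are the same for a
# binary or Base64-encoded .cer file and can be compared after the transfer.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fingerprint = [BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

"Subject : $($cert.Subject)"
"Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
"SHA-1   : $($cert.Thumbprint)"
"SHA-256 : $fingerprint"

$problems = @(Test-RootCertificate -Cert $cert)
if ($problems.Count -eq 0) { 'OK: self-issued CA certificate within its validity period.' }
else { $problems | ForEach-Object { "PROBLEM: $_" } }
```

Compare the printed fingerprint with the one shown by your Certificate Authority before installing the file on the device.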