I set up our Exchange 2003 server (Sp2) to use SSL on OWA with an internal certificate. I also have 2 pocket PCs that access this server. I set up the pocket PCs from the article-Problems Syncing a Pocket PC using SSL on Daniels website. I used method 3 and set up the ExchDAV directory and added the registry entry to point to it. OWA works fine using SSL. OMA can be accessed using either http or https (from a computer). The pocket pc will sync when SSL is uncheck. My question is how is this secure and if its not what do I need to do to correct it? If I want to go back to using the default directory instead of ExchDAV should I just delete the registry entry? I am thinking of using an external certificate instead of internal or download the file that disables using certificates. I understand that the data still is transmited using SSL when you disable it on the phone.