As of right now I do not have my Active Sync Exchange 2007 server set up on a Certificate. I just have the 443 port open to the Active Sync Server. Can someone give me some clarification on the security issue of not having a cert. I am assuming right now that ALL data is being encrypted because its going through a 443 port but since I dont have a certificate that techinically another device can impersonate that server.... Its this all correct?