, Blue Ink wrote

*snip*

I could never find anything that cheap, but that's beside the point. If companies are allowed to use a DIY certificate, it doesn't make sense to force them to trust yet another DIY certificate every year.

And it makes even less sense to make you send a certificate to a device. Not exactly material for a "Smoked by Windows Phone" challenge.

You don't have to - set up an internal CA, trust that root. Heck you don't even need Win Server for that, you could do it with OpenSSL or with makecert.