I'm so grateful to Imaginos who has helped me with this. I was pulling my hair out for a few days that I couldn't get the certificate to install. Now everything works, I just wanted to document the whole thing for people who are still having trouble or will be having this trouble. Here're the things I did.

Used Palm Certificate Modification Tools and generated certs.pdb file. Unable to install on device though.

Error: Already exists: C:\Program Files\Palm\KongC\Install\certs.pdb
         Install synchronization failed

Last year when we were still using Exchange 2003, I did try to install the old certificate so my Treo can use EAS with SSL, but the EAS with SSL never worked. I guess the old certificate was installed though thru the modification tool. So I downloaded and installed FileZ and followed instruction from http://forums.palm.com/palm/board/message?board.id=activesync&thread.id=1489, deleted CertMgr.PDB, softreset, ran quick install again for the Cert.pdb, log said deleted a file and 1 install was successful.

Tried EAS with SSL, still same error: "There was a problem with syncing. SSL error: No trusted root certficate authority list" and in detail option " AirSAMState machine 1913 14721". Softreset again, deleted both Cer.pdb and Cert.pdb on Treo using FileZ, deleted both files from Palm backup folder as well. Softreset, hotsync, no errors. Installed Cert.pdb again using Quick Install. No luck installing certificate, getting a different error "- Invalid handheld file deleted: C:\Program Files\Palm\TEST\Install\certs.pdb OK Install with 1 message(s) ", no cert installed.
Noticed Sprint software 1.04, downloaded and installed 1.07. Still unable to install certificate. "Invalid handheld file deleted."  

I tried numerous times with the certificate install, but still the same error "Invalid handheld file deleted". After reading so many posts here, I know Imaginos is very knowledgeable with this stuff and out of desperation, I sent him a PM for help. And he did. I'm a happy camper now. I can't thank him enough.

I sent him two certificates, one was from exported from IE --> Tools --> Internet Options --> Content --> Certificate --> Trusted Root Certificates, the other was distributed from my company Remote Web Workplace. He then sent me back a certs.pdb. He said he used Palm Sync Manager v7.0.2 and my first certificate to create the new certs.pdb. His certs.pdb byte count was 430 bytes and mine was 78 bytes. My certs.pdb was generated from Palm Desktop 4.2 which I reinstalled lately from the sprint cd. I followed his directions as below and sure enough the certs.pdb installed successfully this time.

-          browse to https://remote.mydomain.com and note the lack of certificate errors  (I did not get any certificate error)

-          configure Versamail with your Exchange account info - <name>@mydomain.com, <pw>, Server = remote.mydomain.com, type=EAS (during our recent server migration from sbs2003 to sbs2008, I know server address has to change from mail.mydomain.com to remote.mydomain.com, a custom dns was created for remote.mydomain.com to point to the same ip mail.mydomain.com uses. I don't know why we had to change the name though. All I know was when I used remote.mydomain.com on a windows mobile device, it worked. The old server address mail.mydomain.com didn't.)

-          Test button should now report success. (Yes, it did).

After all that, my Treo started to say receiving for a long time, then it timed out with another error "

Looks like the next thing to tackle is the default Exchange Security Policy. Once I removed the default security policy from the Exchange Power Shell, my Treo starts to sync. Yeeha!

Again, I can't thank you enough, Imaginos.