I spent the weekend trying to test and figure out what was going on.  I found that if I named the email server (the name after HTTPS:// in the setup) the same as the certificate name shown in the certificate manager (Launcher>Device Info>More Info>Menu>Certificate Manager), that the error would go away.  The problem for me was that the cert name in the cert manager was different than the mail server address (in my case server.[domain].local instead of mail.[domainname].com).  The process that it appears to use is:

1) check for certificate...

2) does the CN match the HTTPS:// in setup?

3) if no, use error "Check certificate, date and time not correct " (or whatever it is) - - - if yes, then go to HTTPS://

4) does exchange require pin security?  If no, proceed to sync - - - if yes, use error "security policies not supported"

So, I looked closer at the cert and it held multiple common names (CN) for the cert.  It appears that EVERY OTHER DEVICE can filter through the list of common names and use the one that works.  The Pre on the other hand uses only one (whether it is the first or last, I don't know). 

So, there are two options to the certificate problem (i guess the 3rd is you could return the phone):

FIRST SOLUTION

=====================

1) Check the cert name in cert manager. 

2) If it is a DNS resolvable name (i.e.  [mail].[mywebsite].[com]) then change that setting in your exchange setup in the mail server field next to the HTTPS://

This will fix it only if your IT admin has you with permissions on the domain used.  It is possible that an alias is used on other domains

SECOND SOLUTION (what I had to do)

=================================

1)  make sure that your Certification Authority is installed.  You can do this by going to START>ADMINISTRATIVE TOOLS>CERTIFICATION AUTHORITY - OR - on a computer on your network using IE/Safari/Firefox and typing http://server/certsrv.  If the page is found, then you are installed, if not, then you will need to have it installed.

*****NOTE:  SBS 2003 WILL ISSUE A CERT TO THE IIS WITHOUT THE CA ROOT.  THIS APPEARS TO BE THE PROBLEM WITH THE SELF GENERATED CERTS THAT I HAD

2) If you don't have it installed, go to this topic, it was well written for step by step instructions of how to install, create the cert request, create the cert and install the cert (it took me about 30 min).   http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html

****NOTE:  IF YOU ALREADY HAVE A CERT ON IIS, YOU WILL NEED TO REMOVE IT AS THIS IS THE "FLAWED" CERT BEFORE YOU CAN REQUEST A NEW CERT.  YOU MAY BE ABLE TO REINSTALL IT IN ADDITION TO THE NEW CERT, BUT I DON'T KNOW

3) open https://mail.domain.com/exchange on your computer - view details of the cert and save the file to your desk top - if you use a laptop, you can also install it on  your laptop to use for use when out of the office (it is also a nice back-up that you can use to get it again later if necessary).

4) plug in your Pre in USB mode.  

5) drag and drop the cert then disconnect the USB cable

6) go to cert manager

7) tap the "sun" icon at bottom left corner

8) tap the new cert file you saved in USB mode

9) confirm that the new cert shows up with the correct mail server name

10) go to the mail program and set up the exchange account

The above will create a TRUE root cert (not IIS Domain Root Cert) that the Pre can work with.

Really, I am not sure how/why Palm overlooked this possibility as they supposedly claimed to not want to sell to companies that need strict security requirements.  To me, that means a small / medium business that has limited IT support (either as-needed, pay as you or green IT guys with limited knowledge).  So, why they wouldn't test the Pre's in that environment, I am not sure.  I bet that they tested it on their own network that has all the correct, best practice methods in use for cert management.  I guess it is just like the developers that they offended and almost lost their support until the went back and said, "sorry, we really want you to make programs for our WebOS platform.  We have just been paranoid for so long we salivate when the bell chimes."  They just didn't beta test this well enough.  The sad outcome of this is that Sprint will have to deal with all the returns because this simple certificate reading process was only given minimum recognition abilities.

But with that said - I am now thoroughly in love with my Pre!!!   

I am happy to try and help if you need it.  I found a lot of the forum solutions weren't detailed enough, so feel free to  contact.