 OWA Certificate
Hi There, I have been tasked with removing the annoying "Certificate Error - Click Here to continue to website (Not Recommended)" error that comes up through our OWA site.

We have it configured to use secure access via HTTPS and want to keep it this way, however the certificate that was installed by default comes up with this error, this certificate is almost out anyway so we need to get a new one sorted - preferably without the error!!!

Ideally we want to do this through a free option. I have tried doing the following: installing an Enterprise Root CA server on the Exchange server, creating a request through the console and creating a certificate through the internal CA - I have managed to create and install the certificate, but still get the same error - I have tried both internally and externally, both get the error!!

Is there a way to do this, perhaps I have missed an obvious step I don't know - any help would be great and please give me instructions a 4 year old could follow!!!!!

More Info: We are running the following:

Exchange 2007 on Server 2003 64 Bit - OWA over HTTPS - Public IP to Exchange Server using mail.domainname.co.uk

Thanks

Paul Beynon



Software/Hardware used:
Exchange 2007, Server 2003 64bit
ASKED: September 25, 2009  10:13 AM
UPDATED: September 28, 2009  7:21 AM

Answer Wiki:
If you use a private certificate authority, users will receive the certificate error you describe. This is due to the fact that unless the client computers are part of the domain where the enterprise CA is located and they have that authority in their list of trusted root certificate providers, the private CA is "untrusted". To remove this OWA certificate error, you should purchase a certificate from a trusted third party such as Thawte, GeoTrust or Verisign. See my blog entry for additional discussion on this topic: Certificates - who do YOU trust? (http://itknowledgeexchange.techtarget.com/it-trenches/certificates-who-do-you-trust/)

In the IT trenches? So am I - read my IT-Trenches blog (http://itknowledgeexchange.techtarget.com/it-trenches)

Even if you have an Enterprise Root Certificate Server installed on your network, you can install that third-party certificate on the server and point your clients to trust the certificate on that server. This would resolve the issue.
Last Wiki Answer Submitted:  September 28, 2009  7:21 am  by  Competent   60 pts.
All Answer Wiki Contributors:  Competent   60 pts. , Labnuke99   32,645 pts.
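
The trust behaviour described in the answer above can be reproduced offline with OpenSSL. This is an added example, not part of the original thread; it assumes the openssl command-line tool is installed, and the CA name and mail.example.test host name are constructed placeholders.

```bash
# Constructed demo: a private root CA signs a certificate for an OWA-style
# host name, then two "clients" try to validate that certificate.
make_demo_pki() {   # $1 = empty working directory
  local d=$1
  # Minimal config so the root is marked as a CA regardless of system defaults.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$d/ca.cnf" || return 1
  # Private root CA, standing in for the internal Enterprise Root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
    -extensions ca -subj "/CN=Demo Private Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  # Key and certificate request for the mail host name.
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=mail.example.test" \
    -keyout "$d/owa.key" -out "$d/owa.csr" 2>/dev/null || return 1
  # The private CA signs the request.
  openssl x509 -req -in "$d/owa.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -out "$d/owa.pem" 2>/dev/null || return 1
}

# Client that never imported the private root: only its default trust store.
client_without_root() {
  openssl verify "$1/owa.pem" >/dev/null 2>&1
}

# Client whose trusted roots include the private root
# (domain member, or the root was imported by hand).
client_with_root() {
  openssl verify -CAfile "$1/root.pem" "$1/owa.pem" >/dev/null 2>&1
}

work=$(mktemp -d)
if make_demo_pki "$work"; then
  if client_without_root "$work"; then echo "without root: trusted"
  else echo "without root: certificate error"; fi
  if client_with_root "$work"; then echo "with root: trusted"
  else echo "with root: certificate error"; fi
else
  echo "openssl could not build the demo certificates"
fi
rm -rf "$work"
```

The same certificate fails on the first client and validates on the second; the only difference is whether the issuing root is in that client's trust store.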


Discuss This Question:


 

Just provide them with a copy of the certificate that can be imported into their browser (IE makes it pretty easy, IIRC). Once it’s imported as a trusted cert, then they should not receive the errors anymore.

Just going from memory here, but I had to do the same thing a while back. HTH.

 4,990 pts.

 

Importing the certificate may work fine but the issue is still “trust”. Not all client computers will trust a private root certificate issuer. By using a recognized trusted third party for this purpose, the browser error message will go away on all client computers.

 0 pts.