OWA Certificate
Hi There, I have been tasked with removing the annoying "Certificate Error - Click Here to continue to website (Not REcommended)" error that comes up through our OWA site.
We have it configured to use secure access via HTTPS and want to keep it this way, however the certificate that was installed by default comes up with this error, this certificate is almost out anyway so we need to get a new one sorted - preferably without the error!!!
Ideally we want to do this through a free option. I have tried doing the following, Installing a Enterprise Root CA server on the exchange server, creating a request through the console and creating a certificate through the internal CA - I have managed to create and install the certificate, but still get the same error - I have tried both internally and externally both get the error!!
Is there a way to do this, perhaps I have missed an obvious step I don't know - any help would be great and please give me instructions a 4 year old could follow!!!!!
More Info: We are running the following:
Exchange 2007 on Server 2003 64 Bit - OWA over HTTPS - Public IP to Exchange Server using mail.domainname.co.uk
Thanks
Paul Beynon
Software/Hardware used:
Exchange 2007, Server 2003 64bit
We have it configured to use secure access via HTTPS and want to keep it this way, however the certificate that was installed by default comes up with this error, this certificate is almost out anyway so we need to get a new one sorted - preferably without the error!!!
Ideally we want to do this through a free option. I have tried doing the following, Installing a Enterprise Root CA server on the exchange server, creating a request through the console and creating a certificate through the internal CA - I have managed to create and install the certificate, but still get the same error - I have tried both internally and externally both get the error!!
Is there a way to do this, perhaps I have missed an obvious step I don't know - any help would be great and please give me instructions a 4 year old could follow!!!!!
More Info: We are running the following:
Exchange 2007 on Server 2003 64 Bit - OWA over HTTPS - Public IP to Exchange Server using mail.domainname.co.uk
Thanks
Paul Beynon
Software/Hardware used:
Exchange 2007, Server 2003 64bit
ASKED:
September 25, 2009 10:13 AM
UPDATED:
September 28, 2009 7:21 AM
RELATED QUESTIONS
- NLB Cluster for Exchange 07 HT and CA roles installed on Windows Server 2003 Enterprise R2
- SSL certificate for 2nd Exchange OWA
- Additional SSL SSRS site within 2008 SSRS Integrated mode
- The Server that contains information about your user account nd mailbox can't be found
- Exchange server 2007 certification error
Answer Wiki:
If you use a private certificate authority, users will receive the certificate error you describe. This is due to the fact that unless the client computers are part of the domain where the enterprise CA is located and they have that authority in their list of trusted root certificate providers, the private CA is "untrusted". To remove this OWA certificate error, you should purchase a certificate from a trusted third-party such as Thawte, GeoTrust or Verisign. See my blog entry for additional discussion on this topic. <a href="http://itknowledgeexchange.techtarget.com/it-trenches/certificates-who-do-you-trust/">Certificates - who do YOU trust?</a>
In the IT trenches? So am I - read my <a href="http://itknowledgeexchange.techtarget.com/it-trenches">IT-Trenches blog</a>
Even if you have any Enterprise Root Certificate Server installed on your network, you can install that Third Party Certificate to Server and point your clients to Trust the certificate to that Server. This would resolve the issue
To see all answers submitted to the Answer Wiki: View Answer History.
Just provide them with a copy of the certificate that can be imported into their browser (IE makes it pretty easy, IIRC). Once it’s imported as a trusted cert, then they should not receive the errors anymore.
Just going from memory here, but I had to do the same thing a while back. HTH.
Importing the certificate may work fine but the issue is still “trust”. Not all client computers will trust a private root certificate issuer. By using a recognized trusted third party for this purpose, the browser error message will go away on all client computers.