OWA Certificate
60 pts.
0
Q:
OWA Certificate
Hi There, I have been tasked with removing the annoying "Certificate Error - Click Here to continue to website (Not REcommended)" error that comes up through our OWA site.

We have it configured to use secure access via HTTPS and want to keep it this way, however the certificate that was installed by default comes up with this error, this certificate is almost out anyway so we need to get a new one sorted - preferably without the error!!!

Ideally we want to do this through a free option. I have tried doing the following, Installing a Enterprise Root CA server on the exchange server, creating a request through the console and creating a certificate through the internal CA - I have managed to create and install the certificate, but still get the same error - I have tried both internally and externally both get the error!!

Is there a way to do this, perhaps I have missed an obvious step I don't know - any help would be great and please give me instructions a 4 year old could follow!!!!!

More Info: We are running the following:

Exchange 2007 on Server 2003 64 Bit - OWA over HTTPS - Public IP to Exchange Server using mail.domainname.co.uk

Thanks

Paul Beynon



Software/Hardware used:
Exchange 2007, Server 2003 64bit
ASKED: Sep 25 2009  10:13 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
0
60 pts.
0
A:
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
  • AddThis Social Bookmark Button
If you use a private certificate authority, users will receive the certificate error you describe. This is due to the fact that unless the client computers are part of the domain where the enterprise CA is located and they have that authority in their list of trusted root certificate providers, the private CA is "untrusted". To remove this OWA certificate error, you should purchase a certificate from a trusted third-party such as Thawte, GeoTrust or Verisign. See my blog entry for additional discussion on this topic. Certificates - who do YOU trust?

In the IT trenches? So am I - read my IT-Trenches blog

Even if you have any Enterprise Root Certificate Server installed on your network, you can install that Third Party Certificate to Server and point your clients to Trust the certificate to that Server. This would resolve the issue
Last Answered: Sep 28 2009  7:21 AM GMT by Competent   60 pts.
Latest Contributors: Labnuke99   26230 pts.
0
0
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Koohiisan   995 pts.  |   Sep 25 2009  2:42PM GMT

Just provide them with a copy of the certificate that can be imported into their browser (IE makes it pretty easy, IIRC). Once it’s imported as a trusted cert, then they should not receive the errors anymore.

Just going from memory here, but I had to do the same thing a while back. HTH.

 

Troy Tate   0 pts.  |   Sep 25 2009  5:06PM GMT

Importing the certificate may work fine but the issue is still “trust”. Not all client computers will trust a private root certificate issuer. By using a recognized trusted third party for this purpose, the browser error message will go away on all client computers.

 
0