OWA Certificate

60 pts.
Tags:
Exchange 2007
Outlook Web Access
OWA
OWA 2007
OWA Certificates
Hi There, I have been tasked with removing the annoying "Certificate Error - Click Here to continue to website (Not REcommended)" error that comes up through our OWA site.

We have it configured to use secure access via HTTPS and want to keep it this way, however the certificate that was installed by default comes up with this error, this certificate is almost out anyway so we need to get a new one sorted - preferably without the error!!!

Ideally we want to do this through a free option. I have tried doing the following, Installing a Enterprise Root CA server on the exchange server, creating a request through the console and creating a certificate through the internal CA - I have managed to create and install the certificate, but still get the same error - I have tried both internally and externally both get the error!!

Is there a way to do this, perhaps I have missed an obvious step I don't know - any help would be great and please give me instructions a 4 year old could follow!!!!!

More Info: We are running the following:

Exchange 2007 on Server 2003 64 Bit - OWA over HTTPS - Public IP to Exchange Server using mail.domainname.co.uk

Thanks

Paul Beynon



Software/Hardware used:
Exchange 2007, Server 2003 64bit
ASKED: September 25, 2009  10:13 AM
UPDATED: September 28, 2009  7:21 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

If you use a private certificate authority, users will receive the certificate error you describe. This is due to the fact that unless the client computers are part of the domain where the enterprise CA is located and they have that authority in their list of trusted root certificate providers, the private CA is “untrusted”. To remove this OWA certificate error, you should purchase a certificate from a trusted third-party such as Thawte, GeoTrust or Verisign. See my blog entry for additional discussion on this topic. <a href=”http://itknowledgeexchange.techtarget.com/it-trenches/certificates-who-do-you-trust/”>Certificates – who do YOU trust?</a>

In the IT trenches? So am I – read my <a href=”http://itknowledgeexchange.techtarget.com/it-trenches”>IT-Trenches blog</a>

Even if you have any Enterprise Root Certificate Server installed on your network, you can install that Third Party Certificate to Server and point your clients to Trust the certificate to that Server. This would resolve the issue

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Koohiisan
    Just provide them with a copy of the certificate that can be imported into their browser (IE makes it pretty easy, IIRC). Once it's imported as a trusted cert, then they should not receive the errors anymore. Just going from memory here, but I had to do the same thing a while back. HTH.
    5,020 pointsBadges:
    report
  • Paulbeynon
    Importing the certificate may work fine but the issue is still "trust". Not all client computers will trust a private root certificate issuer. By using a recognized trusted third party for this purpose, the browser error message will go away on all client computers.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following