Hello..We have Exchange 2007 server installed on 1 server - when user type the OWA address http://abc.test.com he used get certificarte error - and once he click on ( Contiune to this website) he will be redirect to OWA page -- Since we dont have any certificate we would like to remove this error page when users type the OWA address -- and he should directly see the OWA login page ..So would you kindly assist me how can i do this ..Do i need to configure on IIS or in Exchange 2007 console ..Please help !!!Thanks

By default Exchange 2007 uses a self-signed certificate which will give you a certificate error, butOWA requires a valid third-party SSL certificate to remove this error. You can get 3rd party certificate from anyone of the external CA... Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505.aspx Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

Thanks for your email - how about if we change the setting in IIS and remove the SSL or slect Basic authentication?secondly how can i genegrate the local certificate ?? can i do it through IIS ? since i am not much familer with these stuff ...Thanks

In Exchange 2007 OWA doesn't work without SSL. You need to have PKI infrastructure to generate certificate from local CA but I guess it would be more costly compare to buying a third-party SAN certificate...Amit Tank | MVP Exchange Server | MCITP: EMA | MCSA: M | http://ExchangeShare.WordPress.com

HI, agreed with amit and bear in mind Exchange 2007 self signed certificate will expire after 1 year. Then you have to re-enable that certificate. Create a certificate for your exchange server requesting the certificate from your internal certification authority and install it into your exchange server (default 2 years valid).Please see similar thread.OCS 2007: Certificate with multiple FQDN's regards Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/

Thanks for your reply - well as i mention that we have very small network - and we dont have any CA server where we can generate the certificate.. How can if we can genetrate the certificate from powershell within Exchanger server ?? if YES then kindly send me the resources or step how i can generate the certificate..Secondly kindly send me a gmlipmse perhabs the step guide how to generate the certificate...thanks to all for your assistnaceThanks

HI, you can configure internal CA on any windows 2003 or windows 2008 domain member server. Then generate Exchange certificate via Exchange management shell and request new certificate from internal root ca.after that you should able to Import the certificate to exchange which you have download from Internal root CA. I have mentioned below step by step articles for both instances.Example CMdlet for generate CANew-ExchangeCertificate -GenerateRequest - Domainname mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable: $True -path c:\Cert.reqExample CmdLet for import certificate to Exchange Import-ExchaneCertificate -path c:\hdhdh.cer | Enable-ExchangeCertificate -Services IIS, SMTPResourcesCreate Certificate for Exchange 2007 Servers using Windows CA Install Windows Server 2003 CA Securing Exchange Server 2007 Client Access Regards Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/

Thanks dear for your glipmse !!! well here i am bit confused with the cmd - since i am not soo expert with Exchange PowerShell... would you kindly let me know what i have to type in the bold letters ServerName.internal.com : What server name i have to give is it should be the exchange server ??autodiscover.demo.com: what i have to give here "demo" is should be servername of Exchange server ?New-ExchangeCertificate -GenerateRequest - Domainname mail.demo.com, ServerName.internal.com, autodiscover.demo.com, ServerName -FriendlyName mail.demo.com -PrivateKeyExportable: $True -path c:\Cert.reqcert.req : Once i iniciate this cmd i will be getting the certificate in the c:\ drive ??Would you kindly give me an example with these names:Exchange Servername: SERVEROWA Address: mail.server.comDomainName: abcYour assistance please...Thanks

HI, ServerName.internal.com : What server name i have to give is it should be the exchange server ?? Microsoft recommends addingExchange server's FQDN and server nameautodiscover.demo.com: what i have to give here "demo" is should be servername of Exchange server? Demo.com means your external domain like contoso.comcert.req : Once i iniciate this cmd i will be getting the certificate in the c:\ drive ?? yesPlease look at the below command. I have added additional example names there to easy understand. Exchange Server name: - Server External OWA address:-mail.contoso.com External domain name:-Contoso.com Internal domain Name:-abc.local External autodoscover name: - autodiscover.contoso.comExample Cmdlet:- New-ExchangeCertificate -GenerateRequest - Domainname mail.contoso.com, server.abc.local, autodiscover.contoso.com, Server -FriendlyName COntoso.com certificate -PrivateKeyExportable: $True -path c:\Cert.req MeanwhileDigicert has great tool to create this request. I suggest you to use this tool as well. Exchange 2007 SSL CSR Command Wizard Regards Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/

Thanks for your reply -- well my manager agreed to purchase the third party SSL certificate -- I was trying with thwate site and while purchase its asking me to inout "CSR" file -- so would you kindly let me know how can i genetrate from my exchange server ??Thanks

HICSR mean certificate request.I have mentioned in above post how to create certificate request.http://technet.microsoft.com/en-us/library/bb851505.aspxregards Chinthaka Shameera | MCITP: EA | MCSE: M | http://howtoexchange.wordpress.com/

The issue is resolved in the following thread:http://social.technet.microsoft.com/Forums/en-US/exchangesvrgeneral/thread/560950c6-526a-45c6-8b8c-9e2d6f6ade3c