New Exchange 2007 set up on a SBS 2008 server. What is the simplest way to get rid of the annoying msg for OWA clients about the cert not being valid? I've searched for hours and found all sorts of complicated ways but no simple "step by step" from start to finish. I would like to use Windows CA to generate a cert if possible so I don't have to purchase a 3rd party one (I realize I will have to renew yearly). There's got to be a complete set of instructions out there somewhere? Thanks, John

Windows CA is not going to fix the problem because the clients will not trust those certificates. You need to use a commercial certificate. SBS is a pig because of the way everything integrates. Personally I only do commercial certificates so that everything works everywhere. $60/year for the certificate. I have instructions on the process here: http://exchange.sembee.info/2007/install/multiplenamessl.asp Along with the special instructions for SBS 2008 here: http://exchange.sembee.info/2007/install/sbs2008ssl.asp It is basically the regular certificate method for Exchange 2007, just activated through SBS. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

Thanks Simon for the response and links. So there's no way around purchasing a 3rd party cert? I have seen several articles mention installing Windows CA to generate a cert. Why would they propose that if the OWA clients wouldn't trust them? John

Thanks Simon for the response and links. So there's no way around purchasing a 3rd party cert? I have seen several articles mention installing Windows CA to generate a cert. Why would they propose that if the OWA clients wouldn't trust them? John People are tight and want to save money and will live with the errors. The Windows CA is only an option if you have control over 100% of the clients. Even then they still be a poor choice because of the need to install something on every device. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources | In the UK? Hire Me.

It is a small office and I do have control of the devices. Currently it is about 5 PC's and 5 laptops, and maybe a couple iphones/ipads. They are switching from external Gmail and I suggested OWA to save the cost of buying Outlook for each workstation. The iphones I will set up using the VPN connection to Exchange. Would this setup work with the Win CA generated cert? Thanks again for your help. John

To be honest, it will cost more in consultant and managing cost than 60$ per year So the suggestion is still to buy a 3rd part certificate Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82

Yes I agree it is much easier and less of a headache to go with a 3rd party cert. However, if you still wish to go with the internal CA and you have full control over all machines and they are domain joined you could look at configuring a group policy to apply the root CA to each machine.

Yes, you can deploy Windows CA and use those certificates Just make sure to deploy the root certificate(s) into the devices that are going to use the Windows CA http://www.petri.co.il/install_windows_server_2003_ca.htm Jonas Andersson | Microsoft Community Contributor Award 2011 | MCITP: EMA 2007/2010 | Blog: http://www.testlabs.se/blog | Follow me on twitter: jonand82