Hi All, I have an issue with our home office users using outlook. We have an Exchange 2007 Server with Outlook 2007 client and everything works fine within our network. I have a couple of home office users which dial in via VPN to our network. They use a local instance of Outlook and they can connect to exchange but they get a certificate error: This Security Certificate Was Issued by a Company that You Have Not Chosen to Trust I assume it´s because they log on localy to their home PCs and because these Clients are not member of the AD but I have no idea how to solve this issue. Thanks in advance for any help, Chris

Is the Exchange server using a intenal or public cert?Tim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

It´s a internal cert.

Hi I assume you have a CA internally? Have you published the root certificate and intermediate certificate to the clients?Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

Hi, yes, I have an internal CA. The internal PCs get the root Certificate automaticly by beeing member if the domain and via the logon process of the user right? How can I publich the certificate to the stand alone PCs at my home office users? regards, Chris

You can't ... You need to export and import it to the home pcJonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog

I do that via the mmc Certificate snap-in, right?

Hello Chris, For domain-connected clients, Outlook 2007 is designed to ignore the first validity check in the previous list. This design enables Outlook 2007 to function without any certificate warnings when Outlook uses the self-signed certificate that is installed by Exchange 2007 Setup. So there is no warning in the domain. As Jonas said, you need to export the import the root certificate into the client computer at home. More information: http://technet.microsoft.com/en-us/library/bb332063(EXCHG.80).aspx Thanks, Elvis

Hi, I did the export/import but it still not working. My root certificate is issued to "servername" and not to the fqdn of the servername. When I import it to the client I still get the error, I thinks its becaus of the missing fqdn in the certifiate. I would not like to change the root cert now because everything else is working fine so far. regards, Chris

Hi Chris, I agree with you. The fqdn should be included in the certificate, if not, it will show the warning. In order to fix it, you need to add the fqdn to the subject name of certificate. Thanks, Elvis

Hi Elvis, do I have to isuue a new cert or is there a way to modify the existing? regards, Chris

Hi Chris, You need to apply a new certificate. Per my knowledge, there is no way to modify the existing one. Thanks, Elvis