Granted, I don't know that much about SSL but the fog gets much much thicker now that I'm working on Exchange 2007 with ISA 2006. Nearly all organizations that I've worked with/for have always used self signed certs. I'm working with a client that has: (1)Single server Exchange 2007 Enterprise (1) ISA 2006 Useingaself signed cert from a server that no longer exists in the domain for the default website in IIS. The SSL cert just expired and now OWA clients can't connect. On the logs I'm getting: Inbound direct trust certificate with thumbprint B9D0E6B86A6BF1D53X3F10XXXADF6334A2A98XXX has expired. Run New-ExchangeCertificate to generate a new direct trust certificate. So I did just that: I ran NEW-EXCHANGECERTIFICATE in the shell management console. Still I get that message. Am I supposed to do something else? ALSO - I installed the Certsrv onto the Exchange box and generated a new cert for OWA and installed it in IIS and imported it into the Cert store but it's still not working. The clients are getting: Error Code: 500 Internal Server Error. The certificate chain was issued by an authority that is not trusted. (-2146893019) If I VIEW the cert in IIS, it looks hunky dory and IT says that it's ok. I haven't touched ISA yet as am remoting in. They are planning on buying ssl certs as I'm pretty sure that's why their ActiveSync isn't working. Can anyone confirm or deny that this would be the cuase? HELP ME. Please please ! Some expert PLEASE help!!!!!!!!!!

authority that is not trusted Install Trust Authority again in Trusted Root CA! Try,man.

Hi, Itwill be much easier to buy a SSL cert from a trusted provider. In this way you don't need to install root certificates on mobile devices and OWA clients won't get a warning about a certificate from an untrusted source. Leif

Thanks Leif, that's helpful information. I have ISA 2006 server in front of the exchange and this, I believe is were the problem is occuring and I can't figure it out with the self signed cert. I really think it's ok on the exchange box but when I import it to the ISA box and try to use it on the web listener it doesn't like the cert. It says tha it's invalid. My question to you is: when we buy certs from, do I need to buy one for the exchange box AND one for the ISA box? Thanks!

I have the same problem. Try this article. (Try to do it the exact same way.) http://www.isaserver.org/articles/2004pubowartm.html Regards

Hi mate! Do you still have this problem? What is the Certificate Status? Is the Certification Path correct? Cheers, Yuri

Is the CA certificate of the new OWA certificate available to the clients? Clients must have that Root CA certificate.

I should have closed this thread a long time ago. Yes, the cert was in the correct path. Tried everything I could think of but just couldn't make the self-certs work, it was madness. So, I just advised the company that hired me to buy certs from a trusted authority. After that it worked like a charm and got it to work without any hassles within minutes. Thanks to all those that posted comments. Chig