because my AD domain and mail domain name is different. I've use exchange2010 certificate wizard to generate the request file and use my windows srv2008 certificate authority to generate the cert. But after a complete pending request process, the self siged status change to false. Can i try to import my Cert to I.E., i just can import to Personal cert store, but Trust Root Certificate Authorities store

If you used a certificate authority to generate the certificate, then it is not a self-signed certificate. In Exchange 2010, you can use the certificate wizard to (1) generate the certificate request, and (2) complete the request to enable the certificate you were issued by the CA. You don't need to import anything in the case you describe. If you wanted to use the certificate for another server, you could export it from the first server and import it into the second server. Since it's not a self-signed certificate, you do not need to import it into the Trusted Root Certificate Authorities store. The Trusted Root Certificate Authorities store should already have the root certificate for your Windows Server 2007 CA, and that's all that needs to be there. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "try and try" wrote in message news:27489442-2992-4634-a1c6-c4e4b7153c9b... because my AD domain and mail domain name is different. I've use exchange2010 certificate wizard to generate the request file and use my windows srv2008 certificate authority to generate the cert. But after a complete pending request process, the self siged status change to false. Can i try to import my Cert to I.E., i just can import to Personal cert store, but Trust Root Certificate Authorities store Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

thank you Ed, Do i need to import this cert to my clinet PC, if i want to using outlook anywhere?

Hi, If you are using resource forest, you can create a certificate in the Resource Forest, then Configure the Trust Root Validation in the Account Forests. You can follow this article:(Similar with Windows 2003 & Exchange 2007): Deploying an Exchange Resource Forest (Part 3) http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/deploying-exchange-resource-forest-part3.htmlFrank Wang

If the CA is an enterprise CA, and if the PC is a domain member, then your CA's root certificate should be in the PC's Trusted Root Certificates store and the PC will trust the certificate. You can check to see if it is yourself. If the PC is not a domain member, you will want to import the CA's root certificate into the PC's Trusted Root Certificates. This is why third-party certificates are often used, so that non-domain-member PCs, and especially mobile devices since they're hard to manage, automatically trust your certificate. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "try and try" wrote in message news:4bbba1b3-b40f-47f6-8b23-d77297d65208... thank you Ed, Do i need to import this cert to my clinet PC, if i want to using outlook anywhere? Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

I've create a new cert which can import to "trusted root cert" store on my client desktop's I.E. but when i use outlook anywhere the login box continuous prompt out whether my login name and password correct or not. I try to test inhttps://www.testexchangeconnectivity.com/ it show the following error Certificate trust validation failed Certificate chain could not be built. You may be missing required intermediate certificates What i am missing when i generate the cert?

TestExchangeConnectivity will never succeed when you have a private CA certificate because they will not have your root certificate. Please detail the steps you took to export and import your root certificate. -- Ed Crowley MVP "There are seldom good technological solutions to behavioral problems." . "try and try" wrote in message news:cf70c176-844e-4a64-bcc7-6d1194e8f719... I've create a new cert which can import to "trusted root cert" store on my client desktop's I.E. but when i use outlook anywhere the login box continuous prompt out whether my login name and password correct or not. I try to test inhttps://www.testexchangeconnectivity.com/ it show the following error Certificate trust validation failed Certificate chain could not be built. You may be missing required intermediate certificates What i am missing when i generate the cert? Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."