We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Easy way to install self signed certificate on users desktops?

Medium Priority
Last Modified: 2012-05-06
I am about ready to start moving user's to Exchange 2007 but I wanted to install the self signed certificate on all desktops in my organization.

The company here doesn't own their internal namespace, some guy in the czech republic does, so a UCC certificate is out of the question.  So my solution is to run OWA out of a new website get a single namespace certificate from a trusted CA and run all the other virtual directories with the self signed certificate.

So instead of manually installing the certificate on user's desktops I was wondering if there is a way to push it via GPO, or even create an MSI with Winstall LE or something.  Any and all ideas are appreciated, thanks.
Watch Question

Expert of the Quarter 2009
Expert of the Year 2009
There is no way that I am aware of to push the certificate out.
You really need to get round the certificate issue, because Outlook Anywhere and Exchange ActiveSync are not supported with a self signed certificate.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts


The only thing I can think of is to manually install the certificate which would allow the device or workstation to fully trust the certificate.

Unfortunately this company doesn't own their internal namespace so this has caused me a headache.  I don't understand why people create thier internal domains with a .com and not ensure they own the name space.
Expert of the Quarter 2009
Expert of the Year 2009
I had a client with the same problem.
They ended up using Entrust for the certificate, where most of the namespace was the public domain name. As they were an accredited Entrust customer they were able to add the internal domains to their certificate for the SAN names.
It can be avoided, but it isn't cheap to do. Unfortunately for that client, getting the domain name off the current owner would be more expensive than the certificate.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.