Is it possible to use Outlook Anywhere with the Windows Certificate Services (Exchange 2007)

I have just recently built a Windows 2008 Server (STD) with Exchange 2007 and want to know if I can configure Outlook anywhere with just the self signed certificate (Windows Certificate Services)?

Any help would be appreciated.

certsrv.JPG
LVL 4
mfg1Asked:
Who is Participating?
 
Alan HardistyConnect With a Mentor Co-OwnerCommented:
I guess it is entirely possible as the following EE question (accepted answer) explains, but it is not recommended, not supported and thus there is little documentation about it.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23824495.html 
0
 
RaghuvCommented:
Yes, its very much possible to use Outlook Anywhere with Windows Certificate, however its not recommended.

To make it work, you need to ensure the Certificate on the Exchange Server is issued to the OWA URL or a URL used for setting up Outlook Anywhere (For Eg: Mail.DomainName.com) and then you need to manually install the Root Certificate in the Trusted Root store on each and every client computer where you plan to use Outlook via Outlook Anywhere.
0
 
SaakarCommented:
Gives you a little more information, I strongly agree with Raghuv that its always recommended to use a Public Certificate rather than a private one.
Outlook Anywhere and Exchange's Self-Signed Certificate
http://exchangepedia.com/blog/2007/08/outlook-anywhere-and-exchanges-self.html
 
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Alan HardistyCo-OwnerCommented:
Not according to Microsoft.  Please read the following section about the limitations of self-signed certificates from Microsoft:
http://technet.microsoft.com/en-us/library/bb851554(EXCHG.80).aspx 
Extract (in case of link failure):
The following list describes some limitations of the self-signed certificate
  • Expiration Date: The self-signed certificate expires 12 months after Exchange 2007 is installed. When the certificate expires, a new self-signed certificate must be manually generated by using the New-ExchangeCertificate cmdlet.
  • Outlook Anywhere: The self-signed certificate cannot be used with Outlook Anywhere. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party if you will be using Outlook Anywhere.
  • Exchange ActiveSync: The self-signed certificate cannot be used to encrypt communications between Microsoft Exchange ActiveSync devices and the Exchange server. We recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party for use with Exchange ActiveSync.
  • Outlook Web Access: Microsoft Outlook Web Access users will receive a prompt informing them that the certificate being used to help secure Outlook Web Access is not trusted. This error occurs because the certificate is not signed by an authority that the client trusts. Users will be able to ignore the prompt and use the self-signed certificate for Outlook Web Access. However, we recommend that you obtain a certificate from a Windows PKI or a trusted commercial third party.
     
0
 
peakpeakCommented:
I would think that you can use OLA with a self-signed certificate provided that you install the certificate on the client machine as well. Otherwise OLA cannot handle the propmting that occurs with OWA in case the root cert is not found.
0
 
mfg1Author Commented:
I have read all your posts and am now a little baffled, as we will at some point probably buy a 3rd party cert, but for us its not essential, I just need to know if it will work as my boss wanted to install win 2008 SBS and I have already got it working with outlook anywhere, however I wanted to install win 2008 + exchange 2007 std as I prefer to learn things the hard way not the wizard way.

I hope someone can give me a diffinitive answer to weather or not this will work with self signed windows certificate services.

PS I also read that article alanhardisty, however it does say it will also work with a Windows PKI cert.

if someone has dont this with windows certs and has it working could you let me know, please.
0
 
Alan HardistyCo-OwnerCommented:
Please have a read of Mestha's blog about Exchange certificates:
http://blog.sembee.co.uk/archive/2008/10/16/87.aspx

0
 
mfg1Author Commented:
I have now read it but my question is, is it possible?
I understand its not supported but, if I  needed to would it be possible?
0
 
peakpeakCommented:
Please try any of the many solutions offered by people trying to help .... if it's not working then buy a certificate .... Ok?
0
 
mfg1Author Commented:
Thank you I feel this will get me closer to getting my exchange outlook anywhere environment up and running.
0
 
mfg1Author Commented:
Just to add I now have this all working on self certificates.
0
 
Alan HardistyCo-OwnerCommented:
Well done - would you care to share how for the benefit of others?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.