I have just migrated our test environment from Server 2003/ Exchange 2003 to Server 2008R2/ Exchange 2010.
As it is only a test environment, I do not want to have to buy a public certificate for Outlook Anywhere (& OWA). To this end, I setup a CA server and created what I believe is called a self-signed certificate. I did this from within Exchange 2010 as follows: EMC > Server configuration > Exchange Certificates > New Exchange Certificate then used ...certsrv to request and download the certificate and then completed the pending request in EMC.
Finally I assigned it the IIS service so that it can be used for Outlook Anywhere & OWA.
I proceeded to install the certificate on several external PCs (IE7 & IE8) but when I access our OWA web address (https://mail.jp2.co.uk/owa
) I still get the: "There is a problem with this website's security certificate..." error.
When I "Continue to this website (not recommended). " and have a look at the untrusted certificate, it contains all the information of my newly created certificate, so the "Issued to" & "Issued by" information matches my certificate.
I can confirm that the certificates were actually installed by checking in MMC > Ceritificates > Trusted Root Certificates Authorities.
I noticed that the certificate is for "Server Authentication" rather than "Secure E-mail"- does this matter? Also, the Certificate information in EMC says: Self-signed- False.
I'd be very grateful for two answers:
1. Why is it that when an untrusted certificate from a website is imported, the: "There is a problem with this website's security certificate..." error remains? Is there a way for a client to import this untrusted certificate straight from the website to make the website trusted?
What is the difference between the certificate I created and the "untrusted" certificate found when connecting to OWA?
2. How can I get the certificate to work? The certificate I created for Exchange 2003 OWA always worked well i.e. you install it on a client PC and the website becomes trusted.
Please let me know if you require any further details- thanks!