SBS 2003 IIS security issue?
Posted on 2010-08-26
I have an SBS 2003 server accessed, mostly, for RWW, from outside our office. One of my partners has a Droid that used to sync to Exchange using a self-signed certificate. The Droid 2.2 self-signed certificate problem is keeping him from accessing Exchange. I can allow the connection by checking "Ignore Client Certificates" in IIS, but I am not really comfortable with the possible security risks. All outside users have a certificate installed from my Certification Authority that gets them to RWW, OWA, and Exchange, and IIS has a web server certificate. My network firewall is configured to allow only incoming HTTPS to pass to the server, and IIS is configured to require 128-bit SSL. Is that sufficient to protect my server, and will "Ignore Client Certificates" cause any significant risk exposure?