Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Certificate warning message when using OWA

Posted on 2010-09-17
8
644 Views
Last Modified: 2012-08-13
Dear experts,

I am experiencing a rather strange behavior with certificate warning in OWA. And I think it is a problem with IE8.

We are using SBS2003 with self assigned certificate. I haven't export/import the self-assigned cert to user laptop so when users open OWA they all see the Certificate Warning message at the beginning. This is fine we have no problem with that, and we have no intention changing it.

However, upon setting up a new laptop an user report a rather strange behaviour, that when he uses OWA he sees this message at the beginning, which is fine. But then he sees this message EVERYTIME he opens an email, and that is not right and is very annoying.

It is still working the user only has to click continue..... but it is annoying. Is it some settings in IE that can be adjusted to aviod such? This problem only seems to happen to user with IE8 installed. IE7 or Firefox users are OK.

Thanks.
0
Comment
Question by:ormerodrutter
8 Comments
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33699802
Thats the default behavior for a self-signed certificate.

for that to go away, you can purchase a SSL with your OWA name - mail.domain.com
This affects all other browsers - IE8 / Mozilla / Chrome etc.

The issue is - the self-signed is issued in the name of SERVERNAME - and the domain is mai.domain.com
SERVERNAME doesnt match mail.domain.com

Please ask if you have more questions
0
 
LVL 23

Author Comment

by:ormerodrutter
ID: 33700020
I am a bit surprise MS haven't updated with a fix? Anyway I would rather prefer using Firefox, as it seems OK when doing my owa email through FF.
0
 
LVL 28

Expert Comment

by:sunnyc7
ID: 33700062
There is no "fix" - this is by design.
That error message pops up to prevent fraudlent sites posing as www.bank.com etc

The default norm is to install exchange server with a ssl certificate. In case you didn't and you are using self signed cert then you will continue to get that.

User experience in ie8 is mich better than firefox

For example you can press shift + select multiple messages and then delete
In firefox etc you will have to check all boxes
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 5

Expert Comment

by:delmc
ID: 33700082
If you don't want to buy a SSL certificate, you can continue to use the self signed certificate and import it into the IE8 setup, this is done clicking install certificate and then selecting place all certificates to the following store, select show physical store and then select trusted root authorities, select local computer as the destination and then import. Finish the procedure, exit internet explorer and then retry OWA site to see if it has imported correctly. Sometimes takes a couple of attempts and needs UAC turned off in Windows 7 & Vista to complete successfully.
Although have to agree with sunnyc7 best way to go would be to use a third party SSL certificate from one of the providers such as godaddy, verisign, etc and importing it into the SBS setup.
0
 
LVL 28

Accepted Solution

by:
sunnyc7 earned 300 total points
ID: 33700097
dont want to suggest importing as end-users start using that as default thing to do when SSL is "broke".
They may end up importing really bad cert for bankinc1.com with a exact UI
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 33700371
Else...you can install the Microsoft Certification-Authority on the server/setup
Create-n-assign  the SAN cert for the exchange servers
By default the root cert. of the "Local Certificate Authority" will be installed on all the domain-joined machines
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 200 total points
ID: 33701342
I Too have to agree, at $30/year, even for one user a 3rd party certificate will save you a lot of time an energy, especially if you have any smartphones. I suspect you have spent that $30 in time already :-)

Regardless, I disagree. Usually you can accept the certificate warning (with SBS2003) once, and then not need to do so again. I just tested it with two sites using IE8, on Win7. In both cases I was asked initially, and then not asked again when opening e-mails, on one server, and on the second server the first e-mail opened asked (which I don't recall seeing before), but was not asked in ANY subsequent e-mails. I am curious as to why the difference. Have you tried adding the site as a trusted site.

As a minimum why not add the self signed certificate?
0
 
LVL 23

Author Closing Comment

by:ormerodrutter
ID: 33875118
Thx.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question