What messages after Exchange self-signed certificate renewal on android devices?

Hello,
My Microsoft Exchange 2007 self-signed certificate will soon expires.
So, I have to renew it (... New-ExchangeCertificate -GenerateRequest ... etc.)
For the moment, it will be a self-signed certificate again.
But, We have since few months, new Android smartphone devices with ActiveSync accounts, using SSL.
So, what are the messages we can wait on these devices, after the certificate's renewal?
I would like to warn users from potential messages.
Thanks.
JM D.Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tigermattCommented:
Warnings similar to those you see in a browser "This certificate is not trusted, WARNING, you should not continue" and similar are all expected. The specific messages will depend on the version of the operating system the Android devices are running, the mail app in use, etc. I have also seen some apps which will refuse to work with a self-signed without enabling a specific option, but if you are already working with a self-signed and this is just a renewal, that's probably not an issue.

The larger question is why? You can obtain wildcard certificates to protect all names under your domain for under $100/yr if you know where to look, and multi-name certificates for much less than that. Directing your users to accept warning messages about security issues does not play to the psychology of most users, who might know enough to be dangerous and almost certainly cannot distinguish between a legitimate, self-signed certificate and the one injected by the person intercepting their session (are they comparing certificate fingerprints? Probably not). If they are taught to accept such warnings as a matter of course, this only weakens your security in the long run.

(To wit: I once knew a user who had been taught to "click yes and enter your network credentials" whenever a certificate warning was presented, not understanding it only applied when a warning about a PARTICULAR certificate appeared. So that's what she did, even when this was a public website, nothing to do with the company she worked for... nothing bad happened on that occasion, but that's not the point.)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
HariomExchange ExpertsCommented:
Self Signed Certificate can be create any time no need to wait for few months.

You can create new self signed certificate now and assigned the services to this new certificate.

Once all is well then you can delete the expiring certificate at any time.
0
JM D.Author Commented:
Thank you for your answers.
You are right, self-certificate is not the best solution.
Best regards.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.