What messages after Exchange self-signed certificate renewal on android devices?

My Microsoft Exchange 2007 self-signed certificate will soon expires.
So, I have to renew it (... New-ExchangeCertificate -GenerateRequest ... etc.)
For the moment, it will be a self-signed certificate again.
But, We have since few months, new Android smartphone devices with ActiveSync accounts, using SSL.
So, what are the messages we can wait on these devices, after the certificate's renewal?
I would like to warn users from potential messages.
Who is Participating?
Warnings similar to those you see in a browser "This certificate is not trusted, WARNING, you should not continue" and similar are all expected. The specific messages will depend on the version of the operating system the Android devices are running, the mail app in use, etc. I have also seen some apps which will refuse to work with a self-signed without enabling a specific option, but if you are already working with a self-signed and this is just a renewal, that's probably not an issue.

The larger question is why? You can obtain wildcard certificates to protect all names under your domain for under $100/yr if you know where to look, and multi-name certificates for much less than that. Directing your users to accept warning messages about security issues does not play to the psychology of most users, who might know enough to be dangerous and almost certainly cannot distinguish between a legitimate, self-signed certificate and the one injected by the person intercepting their session (are they comparing certificate fingerprints? Probably not). If they are taught to accept such warnings as a matter of course, this only weakens your security in the long run.

(To wit: I once knew a user who had been taught to "click yes and enter your network credentials" whenever a certificate warning was presented, not understanding it only applied when a warning about a PARTICULAR certificate appeared. So that's what she did, even when this was a public website, nothing to do with the company she worked for... nothing bad happened on that occasion, but that's not the point.)
HariomExchange ExpertsCommented:
Self Signed Certificate can be create any time no need to wait for few months.

You can create new self signed certificate now and assigned the services to this new certificate.

Once all is well then you can delete the expiring certificate at any time.
j75Author Commented:
Thank you for your answers.
You are right, self-certificate is not the best solution.
Best regards.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.