Hi guys and girls,
I'm having an issue with I'm exchange certificates internally, when someone on the PC's opens Outlook they get the pop-up asking if they want to accept the certificate the only reason it's popping up is because the certificate is apparently not trusted!
How do I go about trusting certificates, I have set certs for IMAP,SMTP,POP and Federation!
Exchange 2010 SP1 and Outlook 2010.
I guess the cert relates to the external address of the server, and clients use it internally too?
If this is the case then create a new DNS zone, (same as your external domain) and add in an mx for your mail server, change the clients to look for the "external" server address (it will reference this on the new dns zone) and voila!
Resolved an similar issue I had with 2007 a while back.
Open up webmail which uses the same cert on a machine and when it wines about the cert install it. Then from the certificates snapin in mmc export it from the personal store to a file. You can then import this into a group policy under the windows settings > security > PKI (public key infrastructure) which will then deploy it to all of the stations covered under that GP.
Also make sure that the name is the same internally as it is on the cert as outlined in the post above.
If you have Exchange 2007 or 2010 and don't have a SAN (Cert with multiple names) then you will also need to change the autodiscovery URLs to all use the name covered by the SSL cert. Exchange 2010 & Single Name SSL Certificates | Cohesive Logic - The Microsoft Infrastructure Experts