Why does a security alert pop up when accessing Outlook Web Access?
Find out how to prevent security alerts when users access Outlook Web Access (OWA) from Internet Explorer.
We're using Exchange Server 2007 and Windows Server 2003 R2 64-bit with Service Pack 2. Our mailboxes were migrated from Exchange 2000 Server SP3 and Windows 2000.
Exchange Server 2007 comes with a self-signed certificate. The client access server (CAS) role uses the self-signed certificate to connect clients to OWA. No browser, by default, will see this as a valid certificate. The proper solution is to replace the self-signed certificate with a certificate from a trusted certificate authority. For more information, read Microsoft's article on understanding self-signed certificates in Exchange Server 2007.
Do you have comments on this Ask the Expert Q&A? Let us know.
Ask an Outlook Web Access question in our forum.