Why does a security alert pop up when accessing Outlook Web Access?

Find out how to prevent security alerts when users access Outlook Web Access (OWA) from Internet Explorer.

Richard Luckett, Learn IT Solution Group LLC

Published: 12 Sep 2008

Every time users opens Internet Explorer (IE) to access Outlook Web Access (OWA), a security alert pops up and asks them to select "yes" or "no." They are able to log on to OWA after they select "yes." I believe this may be caused by the certificate file not being installed on the Exchange server. Is there any way to turn off the security alert?

We're using Exchange Server 2007 and Windows Server 2003 R2 64-bit with Service Pack 2. Our mailboxes were migrated from Exchange 2000 Server SP3 and Windows 2000.

Exchange Server 2007 comes with a self-signed certificate. The client access server (CAS) role uses the self-signed certificate to connect clients to OWA. No browser, by default, will see this as a valid certificate. The proper solution is to replace the self-signed certificate with a certificate from a trusted certificate authority. For more information, read Microsoft's article on understanding self-signed certificates in Exchange Server 2007.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Outlook Web Access question in our forum.

Why does a security alert pop up when accessing Outlook Web Access?

Find out how to prevent security alerts when users access Outlook Web Access (OWA) from Internet Explorer.

Dig Deeper on Exchange Server setup and troubleshooting

How do I grant users outside the LAN access to OWA?

How to configure Office Web Apps Server for use with Exchange 2013

Public or private CA: PKI deployment options for Exchange

Microsoft Exchange Server 2010

Related Q&A from Richard Luckett

Why is there an Outlook folder missing from Outlook Web App?

Why won't the Exchange 2013 Edge Transport Server install?

How do I configure Outlook Anywhere for specific external use?