Why does a security alert pop up when accessing Outlook Web Access?

Find out how to prevent security alerts when users access Outlook Web Access (OWA) from Internet Explorer.

Every time users opens Internet Explorer (IE) to access Outlook Web Access (OWA), a security alert pops up and asks them to select "yes" or "no." They are able to log on to OWA after they select "yes." I believe this may be caused by the certificate file not being installed on the Exchange server. Is there any way to turn off the security alert?

We're using Exchange Server 2007 and Windows Server 2003 R2 64-bit with Service Pack 2. Our mailboxes were migrated from Exchange 2000 Server SP3 and Windows 2000.

Exchange Server 2007 comes with a self-signed certificate. The client access server (CAS) role uses the self-signed certificate to connect clients to OWA. No browser, by default, will see this as a valid certificate. The proper solution is to replace the self-signed certificate with a certificate from a trusted certificate authority. For more information, read Microsoft's article on understanding self-signed certificates in Exchange Server 2007.

Do you have comments on this Ask the Expert Q&A? Let us know.

Ask an Outlook Web Access question in our forum.

Dig Deeper on Exchange Server setup and troubleshooting