I have a single forest single domain Windows Server 2003 EE AD environment. I have two Exchange 2003 servers (one is just dedicated to OWA; this same server is also the CA). I have a problem where users access OWA and they are prompted with the security certificate warning (There is a problem with the website's security certificate). They click continue which then connects them. They are prompted again with the warning when opening an email. The certificate appears valid. The same issue occurs when accessing OWA outside our district. Any ideas?

The error should tell you which reason it is failing on - it will be one of three - date, trust or host. Without knowing which one it is, it is hard to know what to suggest. Do be aware that a certificate issued to domain.com is not the same as a certificate issued to owa.domain.com and would generate the error. Simon.Simon Butler, Exchange MVP Blog | Exchange Resources

IF you are using Internal ( your CA created) certificate it will pop for an error. You can save the certificate which should stop error from that PC/Laptop. To completely stop the error buy a third party certificate. http://security.fnal.gov/pki/Export-Personal-Cert.html - should help

Simon- In my case it is date (The security certificate presented by this website has expired or is not yet valid). Where would I start to look to troubleshoot this? Thanks. Sean

IF your cert is from External authority than you should renew it from them. IF from internal CA you should do the same.

I was able to renew it. I appear to be getting an Event ID 80 warning in the App log indicating the following: Event Type: Warning Event Source: CertSvc Event Category: None Event ID: 80 Date: 10/6/2010 Time: 12:09:14 PM User: N/A Computer: ADMINOWA Description: Certificate Services could not publish a Certificate for request 131 to the following location on server adminrootdc03.obps.local: ldap:///CN=webmail,CN=AIA,CN=Public Key Services,CN=Services,CN=Configuration,DC=obps,DC=local. Insufficient access rights to perform the operation. 0x80072098 (WIN32: 8344). ldap: 0x32: 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

if you are able to renew it and the date is updated you may ignore the warning else check - http://support.microsoft.com/kb/300532

Has the certificate error gone in the OWA?James Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com

Still experiencing the error. Once when browsing to the URL and then again when opening a message. Looks as though it is renewed and date is updated. Any other ideas? Thanks.

Please check if there’s any expired certificate on the server or client machine: Open Internet Explorer, clicking on tools>internet option>content >certificates> and looking under "trusted root certified authorities", if we found any which says expired we can delete them Please verify if the system date and time is correct on the client machineJames Luo TechNet Subscriber Support (http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx) If you have any feedback on our support, please contact tngfb@microsoft.com