SSL Certificate for Outlook Anywhere
OK, I need some help. First off, we only have a few client PCs that will be using "Outlook Anywhere", so I would like to save some money and just use a self-issued SSL certificate if I can. The only third-party options I have found were $599 for the year, and I am not so concerned with the security aspect; I just want Outlook Anywhere to work, and that seems like a bit much. We are running Exchange 2007 and we use OWA without any problems.

What I am looking for is any kind of step-by-step deployment of getting this to work. Does anyone have somewhere they can direct me that will tell me the easiest way to self-issue an SSL certificate for use with Outlook Anywhere? I have been searching for weeks and have been unable to find anything. I have read things about the autodiscovery part as well, and I don't know if this is a requirement or just available if you want that option.

I apologize that I may not know much about all this, but I am willing to learn. I have a good understanding of networks, but once it comes to certificates, I am a bit lost... ANY help would be appreciated. Also, I am sure there will be more questions to follow. Thanks again. Ryan
September 19th, 2007 1:12am

Hi Ryan,

You can use a certificate from an internal certificate authority for these services as well, as long as the computer you are using trusts the certificate and the certificate CA. If you are using your company laptops/computers with the Outlook Anywhere service, these should already trust an internal certificate authority if it is installed as an Enterprise Root CA. If you are planning to use Outlook Anywhere on computers that do not trust your internal CA, you can just get the users to add the CA into their trusted root CA store.

I would suggest to use an AD integrated CA rather than a self-signed certificate, as they will be trusted by all users in your AD domain and will save on manual setup and troubleshooting.

Here are some links for Exchange 2007 certificates, but more on external certificates rather than internal:

http://msexchangeteam.com/archive/2007/04/30/438249.aspx
http://msexchangeteam.com/archive/2007/07/02/445698.aspx
http://msexchangeteam.com/archive/2007/02/19/435472.aspx

Cheers, Rhys
September 19th, 2007 8:17am

Thank you for the information. I am not clear on what you mean by "I would suggest to use an AD integrated CA". The situation in which I am wanting to use this technology is with clients of ours for whom we currently host their domain and email. Currently they are accessing this through POP3 or OWA. I would like to have the ability to have them use Outlook Anywhere because I feel it is more of a complete program. There are only a couple of clients that I have in mind that would benefit from this at this time, so manually adding the certificate to their trusted root CA store would not be an issue. I care more about the ability to use this feature than I do about the security of an SSL.

I am so new to SSLs that I would like to have step-by-step instructions on how to self-issue an SSL in Exchange 2007 running Server 2003 x64. Thanks again for any help offered. I am trying to wrap my brain around it, but it is taking some time.
September 20th, 2007 11:54pm

By an AD Integrated CA I was referring to an internal Certificate Authority that provides integration with AD so that certificates can be automatically enrolled on domain-joined computers. This would also provide an easily administered certificate system.

Now that you have mentioned that you are hosting this solution for other clients, I would suggest that an internal standalone Root CA might be better, depending on how security conscious you are. With either type of internal CA you will have more control over the certificate properties such as certificate lifetime, viewing certificates, etc. You will need to manually configure the client computers to trust the CA in either case as well.

I have not read anywhere how to generate another Exchange 2007 self-signed certificate. Back in Exchange 2003 you could use the SelfSSL.exe tool as discussed here: http://www.messagingtalk.org/content/483.html

You can also test the functionality for your clients by installing the self-signed certificate on their computer. You can do this by going to https://exchangeserver/owa, then going into the certificate properties and installing it into the local computer's certificate store. The problem with doing this with a self-signed certificate is that I believe it expires after a year and there is no automatic process to renew the cert and reinstall it on clients.

Cheers, Rhys
September 24th, 2007 12:56pm
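
A client-side check for the two failure points raised in this thread, whether the machine trusts the issuing CA and how close the certificate is to expiry, as an added example that is not part of the original posts. The function name, the `.cer` path and `mail.example.com` are placeholders, and the SAN parsing assumes English-locale Windows output.

```powershell
# Added example: reports how this machine sees a certificate exported from the server.
# $HostName is whatever name the Outlook Anywhere proxy setting points at (assumption).
function Test-OutlookAnywhereCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory = $true)] [string] $HostName,
        [int] $WarnDays = 30
    )
    # Names the certificate is valid for: subject CN plus any SAN DNS entries.
    $names = @($Certificate.GetNameInfo('SimpleName', $false))
    $san = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() yields "DNS Name=a, DNS Name=b" on English-locale Windows (assumption).
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value })
    }
    # Exact match, or a wildcard that covers exactly one left-most label.
    $nameOk = $false
    foreach ($n in $names) {
        if ($n -eq $HostName) { $nameOk = $true }
        elseif ($n.StartsWith('*.') -and $HostName.Contains('.') -and
                $HostName.Substring($HostName.IndexOf('.')) -eq $n.Substring(1)) { $nameOk = $true }
    }
    # Build the chain against this machine's trusted roots; revocation is skipped to stay offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - (Get-Date)).TotalDays)
    New-Object psobject -Property @{
        Subject      = $Certificate.Subject
        SelfSigned   = ($Certificate.Subject -eq $Certificate.Issuer)  # heuristic: also true for a root CA
        NameMatches  = $nameOk
        ChainTrusted = $trusted
        ChainErrors  = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
        DaysLeft     = $daysLeft
        RenewSoon    = ($daysLeft -le $WarnDays)
    }
}

# Placeholder path and host name; point these at the exported certificate and the real proxy name.
$path = 'C:\temp\exchange.cer'
if (Test-Path $path) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    Test-OutlookAnywhereCert -Certificate $cert -HostName 'mail.example.com'
}
```

`ChainTrusted` being false with `UntrustedRoot` in `ChainErrors` means the issuing CA (or the self-signed certificate itself) has not yet been added to the machine's trusted root store.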
