Self Signed Certificate Question
I am trying to get my head around a certificate question I have.
In an article I recently read it was stated that:
"When Microsoft Office Outlook 2007 clients (domain-joined or not) use the Exchange Web Services provided by the Microsoft Exchange Client Access server, they will be prompted by Outlook that the certificate is not issued by a company they have chosen not to trust."
I was always under the impression that your internet facing CAS server was really the only CAS server that needed a trusted cert.
I work in a smaller org that has one site and two CAS servers. The internet facing CAS server has a trusted SAN cert but the other CAS server just has the self signed cert. We have plenty of Outlook 2007 users including myself and I have never gotten a trust issue notification when accessing EWS from either server.
If this is indeed an issue does this mean that for every CAS server you have in an org you need a trusted cert of some sort for the EWS service? Since Outlook 2007 could be hitting any number of CAS servers depending on the site for free/busy info not just the internet facing site.
Just trying to get a better understanding and any help would be greatly appreciated.
March 11th, 2010 9:35pm
Outlook should be fine. Other clients, however, will be affected by this. Office Communicator, for example. If they attempt to connect to a CAS server that has a cert their workstation doesn't trust, the Communicator integration for free/busy will fail.
March 11th, 2010 11:08pm
You might consider building a Windows CA and creating an internal certificate.
-- Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
March 11th, 2010 11:33pm
Yep, and this is typically the best solution for multiple internal AD sites. Push the Internal CA out to the workstations and use the 3rd party cert only for internet-facing sites.
March 12th, 2010 12:13am
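As an added example (not posted by anyone in this thread), the PowerShell below checks, from a workstation, whether a certificate chains to a root that the workstation trusts, which is the condition the replies above are concerned with. The function name `Test-CasCertTrust` and the host name `cas02.example.internal` are hypothetical, and the sample certificate is constructed in memory; it assumes PowerShell 7 or .NET Framework 4.7.2 or later.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example: report whether THIS machine trusts a given certificate.
function Test-CasCertTrust {
    param(
        [Parameter(Mandatory)]
        [X509Certificate2]$Certificate
    )

    $chain = [X509Chain]::new()
    # Revocation checking is skipped so the check runs offline;
    # leave it enabled when testing real server certificates.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck

    # Build() returns $true only if the chain ends in a root that is in
    # this machine's trust store and no other chain error is found.
    $trusted = $chain.Build($Certificate)

    [pscustomobject]@{
        Subject     = $Certificate.Subject
        # Heuristic: a self-signed certificate names itself as issuer.
        SelfSigned  = ($Certificate.Subject -eq $Certificate.Issuer)
        NotAfter    = $Certificate.NotAfter
        Trusted     = $trusted
        ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Constructed sample: a self-signed certificate standing in for the one on
# the second CAS server (hypothetical host name).
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=cas02.example.internal', $rsa,
            [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::UtcNow.AddDays(-1),
                              [DateTimeOffset]::UtcNow.AddYears(1))

Test-CasCertTrust -Certificate $cert

# To check a certificate exported from a server instead, load the file:
#   Test-CasCertTrust -Certificate ([X509Certificate2]::new('C:\path\to\exported.cer'))
```

Run against a certificate issued by an internal CA, the same function reports it as trusted only on workstations that have that CA's root in their trust store.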