SSL Certificates

[Gareth McAleese]

I have an exchange/outlook web access server that has installed on it a self
signed certificate. In order to get Vista to trust the server I have
installed the root certificate used to sign the certificate. This works
fine, but every now and again vista seems to unload this certficate from the
trusted root certifcates store. I am not sure how this happens as it seems
to be random, sometimes it will do this several times a day, other times its
once a week.

Has anybody any ideas on how to resolve this - other than purchase a
certificate signed by a certificate authority.

Thanks,
Gareth

 

[OKuma]

Question:

When you install the Root Certificate on the Vista machine, do you see a
Thumbprint dialog or just the Cert has been installed successfully?

OKuma

 

[Brian Komar [MVP]]

I have an exchange/outlook web access server that has installed on it a self
signed certificate. In order to get Vista to trust the server I have
installed the root certificate used to sign the certificate. This works
fine, but every now and again vista seems to unload this certficate from the
trusted root certifcates store. I am not sure how this happens as it seems
to be random, sometimes it will do this several times a day, other times its
once a week.

Has anybody any ideas on how to resolve this - other than purchase a
certificate signed by a certificate authority.

Thanks,
Gareth

1) Do not use a self-signed certificate in this case.
Why not set up an internal use PKI.
2) Assuming you are in a domain/forest environment, you
should consider centralizing distribution of the root
certificate. You can do this through GPO (Public Key
Policies) or by publishing the cert into AD in the
configuration context:

certutil -dspublish -f <certfile.cer> RootCA

Brian