invalid certificate

[tree leafs]

Hi,
I have just installed windows certificate service and selected an
enterprisse root ca. I then issued a certificate to the default website for
enabling OWA over HTTPS. All seemed OK, but when users connect to the OWA
site the certificate cannot be installed into the trusted root CA. When
viewing the certificate, it says "This certificate cannot be verified up to
a trusted certificate authority". Is this normal for windows CA? or there is
something wrong in installing the CA and creating the certificate?

Thanks in advance,

 

[Brian Komar]

Look at the Best Practices whitepaper available at www.microsoft.com/pki.
You need to designate your root CA as a trusted root for all clients. I
assume that client's are connecting from their home computers, etc. In this
case, you should have used a certificate that chained to a commercial root
CA.

The best purpose for internal CAs is for WEb sites that are *only* connected
to by internally managed clients.
Brian

"tree leafs" <treeleafs@hotmail.com> wrote in message
news:%23ryKhAM3HHA.5360@TK2MSFTNGP03.phx.gbl...
> Hi,
> I have just installed windows certificate service and selected an
> enterprisse root ca. I then issued a certificate to the default website
> for enabling OWA over HTTPS. All seemed OK, but when users connect to the
> OWA site the certificate cannot be installed into the trusted root CA.
> When viewing the certificate, it says "This certificate cannot be verified
> up to a trusted certificate authority". Is this normal for windows CA? or
> there is something wrong in installing the CA and creating the
> certificate?
>
> Thanks in advance,
>