Exchange Server 2010 uses SSL certificates for securing HTTP connections. There are three types of certificates:
- Self Signed Certificates – These are certificates generated by the Exchange Server itself during the installation of the Exchange Server 2010 Client Access Server. Outlook Web App (OWA) and Exchange ActiveSync (on Windows Mobile devices) can work with Self Signed Certificates. Since these certificates are not trusted by the workstation running your browser or by the Windows Mobile device, you have to copy the certificate to the certificate store manually.
Note. Outlook Anywhere doesn't work with Self Signed certificates.
- Windows CA – You can install your own Certificate Authority (CA) as part of a Public Key Infrastructure (PKI), using the Add/Remove Programs option in the Control Panel. Be careful when installing your own PKI, however, since it places some constraints on your Active Directory, especially when you decide to install it on a Domain Controller. You can configure your Windows 2008 Certificate Authority to issue Unified Communications certificates by entering the following command at a command prompt:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
Domain-joined clients will automatically trust the certificates issued by the Windows CA in your domain. For non-domain-joined clients and Windows Mobile devices you must still import the trusted root certificate into the workstation's or Windows Mobile device's certificate store.
- Third party certificates – These certificates are issued by a trusted third-party vendor. Since these are commercial organizations you have to purchase these certificates separately. Most third-party vendors already have their root certificate in the workstation or Windows Mobile device certificate store, so you don't have to take care of this at all. A list of supported third-party vendors is in Microsoft Knowledge Base article KB929395.
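
An added example, not part of the original article: the EDITF_ATTRIBUTESUBJECTALTNAME2 flag set in the Windows CA option above makes the CA honour subject alternative names supplied as request attributes, so it is worth auditing which CAs have it enabled. This PowerShell function reads EditFlags from the standard AD CS registry location and reports the flag per CA. The function name Get-CaSanAttributeFlag is hypothetical, and 0x00040000 is the documented bit value of the flag.

```powershell
# Added example: report whether each CA on this server has
# EDITF_ATTRIBUTESUBJECTALTNAME2 set. Run elevated on the CA server.

# Documented bit value of the flag inside the policy module's EditFlags DWORD.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000

function Get-CaSanAttributeFlag {   # hypothetical helper name
    param(
        # Standard AD CS configuration key; exists only where the CA role is installed.
        [string]$ConfigRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
    )

    if (-not (Test-Path -Path $ConfigRoot)) {
        Write-Warning "No CA configuration found at $ConfigRoot"
        return
    }

    # Each subkey of Configuration is one CA instance hosted on this server.
    foreach ($ca in Get-ChildItem -Path $ConfigRoot) {
        $policyRoot = Join-Path -Path $ca.PSPath -ChildPath 'PolicyModules'
        if (-not (Test-Path -Path $policyRoot)) { continue }

        # 'Active' names the policy module in use; EditFlags is stored under its key.
        $active = (Get-ItemProperty -Path $policyRoot -Name Active -ErrorAction SilentlyContinue).Active
        if (-not $active) { continue }

        $modulePath = Join-Path -Path $policyRoot -ChildPath $active
        $editFlags  = (Get-ItemProperty -Path $modulePath -Name EditFlags -ErrorAction SilentlyContinue).EditFlags
        if ($null -eq $editFlags) { continue }

        # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0.
        New-Object PSObject -Property @{
            CA                  = $ca.PSChildName
            PolicyModule        = $active
            EditFlags           = '0x{0:X8}' -f $editFlags
            SanAttributeEnabled = [bool]($editFlags -band $EDITF_ATTRIBUTESUBJECTALTNAME2)
        } | Select-Object CA, PolicyModule, EditFlags, SanAttributeEnabled
    }
}

Get-CaSanAttributeFlag | Format-Table -AutoSize
```

A change made with certutil -setreg takes effect only after the Certificate Services (CertSvc) service is restarted, so run the audit after the restart. Using -EDITF_ATTRIBUTESUBJECTALTNAME2 in place of +EDITF_ATTRIBUTESUBJECTALTNAME2 in the same certutil command clears the flag again.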