Friday, 17 August 2012

Windows 8 Mail and Exchange using a self-signed certificate

The following steps allowed me to get the Windows 8 Mail app to talk to an Exchange server which uses a self-signed certificate:

  1. Open up Internet Explorer in 'Administrator' mode
    1. Go to the Windows 8 desktop
    2. Right-click on the Internet Explorer icon
    3. Highlight 'Internet Explorer'
    4. press Shift-Ctrl-Enter to launch IE in 'Administrator' (elevated permission) mode
  2. Browse to the Exchange server's Outlook Web Access page – eg. https://yourexchangeserver.com/owa
  3. Ignore any warning about certificates – click on 'Continue to this website'
  4. Click on the red certificate warning in the address bar
    certificate error
  5. Click on 'View certificates'
    Untrusted certificate
  6. Click on 'Install certificate' button
  7. The 'Certificate Import Wizard' appears
  8. Leave 'Store Location' as current user
  9. Select 'Place all certificates in the following store', and click on the 'Browse' button to select 'Trusted Root Certification Authorities'
    Certificate import wizard
  10. Complete wizard
  11. Click on 'Yes' to install certificate
  12. Close IE and reopen (in non-admin mode) to confirm when browsing to the OWA URL that you no longer are warned about an invalid certificate

You should now be able to use the 'Add an account' to add your Exchange account.

15 comments:

Gert J Quint said...

hello David,
It doesnt work with me :-(
The certificate is installed but the untrusted windows appears again and i cannot add an account
any idea?

greeetz GJQ

David Gardiner said...

Hi Gert,

hmm. Make sure you explicitly set the store for the certificate. Otherwise I'm not sure what to suggest.

-david

Tealsteam said...

I have attempted the same thing, I'm still recieving Certificate Error

Tealsteam said...

Please disregard my previous comment if recieved,

I have found a solution as to why this didn't work for me, I had to request a .pfx certificate aswell, after installing this to the same location, I was able to sync to the Exchange.

Tamás Roncsák said...

@Tealsteam How did you do that?

Tamás Roncsák said...

@Tealsteam How did you do that?

Nemskiller said...

Hi David.
I successfully done your tutorial.
I can access to my Exchange on IE without having the question of security of Microsoft.
The problem is still there with Mail of Windows 8.
I configure it good but MAIL still say to me : You need to install a certificate on this PC. Contact your admin ... and so on.

@Tealsteam : How did you do that ?

Anonymous said...

Sorry but maybe it's a lame question but when i clicked on the certificate error thing then where can i find the install option? Because when i go to view certificates then i still can't find install option. Thanks in advance!

Anonymous said...

@Tealsteam

How did you request .pfx certificate? Please tell me step by step. Thanks in advance!

Anonymous said...

You do not get the "install" option unless the site is in your trusted sites list - so you must go to "internet options" -> "trusted sites" -> "sites", add the site, then reload and the certificate install option is available.

Anonymous said...

The server name under mail settings must be the same as the certificate name and DNS must be able to resolve the server name to the proper ip. Worked for me after installing the certificate as described.

Anonymous said...

I've done your steps but still i get that warning page.... And i got install option only when i run internet explorer as administrator. Did i do anything wrong? What i did is i opened the internet explorer as administrator then i went to internet options->privacy->sites and i added that website, i also installed the certificate both as current user and local machine.

Anonymous said...

Worked for me. Thanks. I had our local IT people come and look before finding your instructions and they had no idea!

Anonymous said...

Worked for me. Thanks. I had our local IT people come and look before finding your instructions and they had no idea!

Anonymous said...

This only worked for me for a particular certificate once I followed the certification path up to the root certificate and installed *that* one into the Trusted Root Certificate Authorities store.