Your network contains a server named Web1 that runs Windows Server 2008 R2 Service Pack 1
(SP1). Web1 has the Web Server (IIS) server role installed. You configure the Default Web Site to use
a self-signed certificate. You have a client computer named Computer1 that runs Windows 7. You
need to ensure that when you connect to the Default Web Site by using Computer1, you do not
receive a certificate error. What should you do?
A.
On Computer1, add a certificate to the Trusted Publishers store.
B.
On Computer1, add a certificate to the Trusted Root Certification Authorities store.
C.
On Server1, modify the SSL Settings of the Default web Site.
D.
On Server1, modify the Authentication settings of the Default Web Site.
Explanation:
In order for RPC over Http to work you must have a Trusted CA Root Certificate installed and
configured. In a situation where you are using a self-signed cert you will need to install the certificate
into the Trusted Root Certification Authorities store.
1. Connect to your OWA site by going to https://host.domainname.com/exchange
You should see a screen like the above due to the fact that your self-signed cert is not trusted.
2. Choose “Continue to this website (not recommended)”.
You should then be presented with your OWA logon page.
3. Click on “Certificate Error” beside the address bar and select view certificates.
If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as
administrator and load the page again.
4. Once you have the install certificate button available, select “Install Certificate”.
5. This will launch the Certificate Import Wizard. Make sure to Choose the option “Place all
certificates in the following store” and select browse.
6. Select Trusted Root Certification Authorities and click Ok.
* In some cases you have to check show physical stores, then select “Local Computer” under Trusted
Root Certification Authorities.
7. Click Finish on Completing the Certificate Import Wizard
8. Click yes on the security warning to install the certificate
9. If you want to verify the Certificate has been installed you can load the certificates snap in and you
should see it under Certificates –Current User-Trusted Root Certification Authorities-Certificates.
Note: You can also copy it to the local computers certificate store so it applies for all users that use
the machine. If you install the certificate but then cannot see it please read the following KB article:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;932156http://blogs.technet.com/b/sbs/archive/2007/04/10/installing-a-self-signed-certificate-as-a-trustedroot-ca-inwindows-vista.aspx
