Exchangemaster GmbH company logo

Exchangemaster GmbH - A Swiss IT Consultancy
Getting Started
Follow Me

Follow exchangemaster on Twitter

Who's Online
We have 76 guests online
FAQ 000054 - Outlook Web Access Certificate Error - Navigation Blocked PDF Print E-mail
User Rating: / 76
Written by Dejan Foro   
Jun 06, 2009 at 04:49 PM

This article applies to:

Exchange 2007 SP1

Windows 2008 SP1 

Internet Explorer 7 



When you access your Outook Web Access page the following error is reported: 

Certificate Error: Navigation Blocked

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

If you chose to continue, the Outlook Web Access Page is displayed but a certificate error is reported. 




Your Exchange server is using a self-signed certificate.

Outlook Web Access in Exchange 2007 uses HTTP Secured protocol (HTTPS), which means that a secure data channel is established and data is encrypted betwen server and the client during the session. In order for client to be able to verify the identity of the server before such session is established, a digital certificate for identification on the server is required.

During installation Exchange server creates and issues such a certificate to itself. As this certificate is not issued/signed by a certification authority these kind of certificates are refered to as self-signed certificates. Purpose of this certificate is to serve for testing of Outlook Web Access only. Exchange ActiveSync and OutlookAnywhere will not work with self-signed certificates. 

If your Exchange server is not listed under Trusted Root Certification Authorities on your client, then the certificates issued by this server are not trusted and Internet Explorer will report this as a potential security problem. 



In order to remove the error in Internet Explorer add the self-signed certificate issued by Exchange to the list of Trusted Root Certification Authorities. 

In Internet Explorer, click on the red Certificate Error field



Select View Certificate in order to download and display the Exchange server certificate. 



The certificate will be downloaded and presented. Click on the Install Certificate button.



The Certificate Import Wizard openes. Clik Next. 



Select Place all certificates in the following store: and click the Browse button to access the list of certificate stores



From the list of Certificate Stores select Trusted Root Certification Authorities and click OK.



Click Next.



Click Finish. 



Click Yes to install the certificate. 



The following message apperars.



Now we must restart Internet Explorer in order to refresh the Trusted Root Authorities list . After restart, when you try to access Outlook Web Access on your Exchange server, no error will be reported as the Exchange server is now a trusted Certification Authority and accordingly the self-signed certificate issued by Exchange is treated as valid. 




The proper solution is to get a standard digital certificate for your Exchange server. You can deploy your internal certificate infrastructure based on Windows Certificate Services or  purchase a commercial server certificate from commercial certificate providers like for example Thawte, Verisign, Digicert ... 

For detailed instructions on how to request and implement a digital certificate you can visit Microsoft TechNet web site under Managing SSL for a Client Access Server


Last Updated ( Jun 06, 2009 at 06:30 PM )
<Previous   Next>