04-07-2008, 12:26 | #1 |
Rocket Fuel
Join Date: Jul 2006
Posts: 7,826
|
IE7 not saving a self signed SSL cert
A few weeks ago I migrated my email platform over to Exchange running on my ESX server. I've set up OWA (and POP3 + IMAP4) using a self signed SSL certificate.
Thunderbird has accepted and saved the certificate even though it isn't valid (remember, it's self signed) but IE7 refuses to do the same. Every time I connect to OWA it warns me that the certificate is not valid so I have to click the link to continue to the site. Next to the address bar is another bar telling me about the certificate error. If I click that and choose 'view certificates' then I have the option to install the certificate. I click that and go through the import wizard then get a message saying that the import was successful but each time I connect to OWA it tells me that the certificate isn't valid. Any ideas? It doesn't bother me because I rarely use OWA but my Mother and Brother often do. |
04-07-2008, 12:56 | #2 |
ex SAS
Join Date: Jun 2006
Location: JO01ou
Posts: 10,062
|
Good luck. I've been trying to persuade IE7 to save a cert for my VPN with no luck. In the end I've just trained users to accept it each time.
|
04-07-2008, 13:12 | #3 |
The Stig
Join Date: Jun 2006
Location: Swad!
Posts: 10,713
|
Have you imported the whole chain? You may have more luck importing the root CA certificate as well. I've had to do that for other MS apps with my own self signed certs (same thing actually, OWA and ActiveSync on my Touch).
__________________
apt-get moo |
04-07-2008, 13:31 | #4 |
Rocket Fuel
Join Date: Jul 2006
Posts: 7,826
|
Good idea Daz, I'll give that a go.
|
04-07-2008, 13:48 | #5 |
The Stig
Join Date: Jun 2006
Location: Swad!
Posts: 10,713
|
It's probably the better way round it. If your system trusts your root CA then the browser (along with anything else, including the Windows VPN clients) will carry on regardless, assuming the name and date are ok anyway.
It does sound like a typical MS thing when you think about it. We'll allow exceptions, even prompt you to add an exception, but it only works if we trust your root (so only covers incorrect names or expired dates), and we won't tell you about it at the time. Just bury an article in MSDN somewhere.
__________________
apt-get moo |
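Added example, not part of the original thread: the trust logic described in post #5 (a certificate is accepted once its root CA is trusted, provided the name and date are OK), reproduced with the openssl command line. The CA name, host names and file names are constructed for the demo, and the `-CAfile` argument stands in for the client's trusted-root store.

```shell
#!/bin/sh
# Constructed demo PKI: every name below is made up for this example.
# -CAfile plays the role of the client's trusted-root store (assumption).

check() {   # prints "accept" if openssl validates the certificate, else "warn"
    if openssl verify "$@" >/dev/null 2>&1; then echo accept; else echo warn; fi
}

trust_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Home Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
    # Private root CA: self-signed and marked as a CA.
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 30 \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1
    # Key and signing request for the mail host, then sign it with the root.
    openssl req -new -config "$d/ca.cnf" -subj "/CN=mail.example.test" \
        -newkey rsa:2048 -nodes -keyout "$d/srv.key" -out "$d/srv.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$d/srv.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -out "$d/srv.crt" 2>/dev/null || return 1

    # 1. Root not in the trust store: the chain cannot be built.
    no_root=$(check "$d/srv.crt")
    # 2. Root trusted, name matches, date in range.
    with_root=$(check -CAfile "$d/root.crt" \
        -verify_hostname mail.example.test "$d/srv.crt")
    # 3. Root trusted, but the client connected under a different name.
    wrong_name=$(check -CAfile "$d/root.crt" \
        -verify_hostname owa.example.test "$d/srv.crt")
    # 4. Root trusted, but evaluated at 2100-01-01, after the expiry date.
    expired=$(check -CAfile "$d/root.crt" -attime 4102444800 "$d/srv.crt")

    rm -rf "$d"
    echo "$no_root $with_root $wrong_name $expired"
}

trust_demo
```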
04-07-2008, 14:04 | #6 |
Rocket Fuel
Join Date: Jul 2006
Posts: 7,826
|
Yeah, if I had thought about it logically I should have already come to the same conclusion.
|