If you only run Exchange for an internal network and never want to allow access from the Internet, the set of self-published certificates installed on Exchange 2010 servers when they are installed by the setup program is sufficient for your purposes, as long as you’re willing to have OWA clients install the self-signed certificates to avoid the nagging warnings from browsers that you’re connecting to an untrusted site when you start OWA. To get around the problem, install the self-signed certificate from the Exchange CAS server that you use to connect to OWA in the trusted root certification authorities store on the PC (or use a Group Policy Object to distribute the certificate to multiple PCs around the organization). Afterward the ...