Jonas Andersson [MCITP]
The best solution is to buy a 3rd part certificate from godaddy, digicert, verisign etc.
Then you won't have any problem with deploying your root CA into any devices
You can read more about the certificates in Exchange 2010 in here
Make sure you include the following names;
legacy.domain.com (if you need a coexistence scenario)
Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog: http://www.testlabs.se/blog