Last week Rick and I were in Vancouver for the My TechNet Security tour and again we had some great questions again. One of the SMS questions that came in had to do with deploying your self signed Root CA via Active Directory. When using an internal CA you'll have to deploy your Root CA as a trusted root to prevent those SSL warnings from appearing. You can read the how-to on deploying your Root CA via AD at the following location.
You can also go one step further with SSL with IE7 and leverage SSL Validation (aka the green address bar in IE7).
One correction I wanted to make was that I had mentioned you can get a trusted SSL certificate from GoDaddy.com for $29, it is actually only $19.99USD. I use a GoDaddy certificate thelazyadmin.com and on our SBS server for OWA and it is well worth the $20 for the simplicity over deploying and managing Root CAs. They even sell EV-SSL certificates although they cost a little more than $20 🙂 https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=9039