XCLN: Configuring Exchange OWA to Use SSL

Article translations Article translations
Article ID: 234022
Expand all | Collapse all

Summary

Exchange Server Outlook Web Access (OWA) may use Secure Sockets Layer (SSL) security for multiple reasons; the most common is to allow Windows NT domain password changes from within OWA. However, by enabling SSL on the OWA Exchange Server virtual directory, you also provide the most currently secure method for accessing OWA.

More information

To enable SSL on the Exchange Server virtual directory:
  1. Register a Root Certificate Authority (CA) Certificate on the Internet Information Server (IIS) computer that OWA is installed on. For more information on setting up a CA Certificate, see the following article in the Microsoft Knowledge Base:
    218445 How to Configure Certificate Server for Use with SSL on IIS
  2. Create and install a Key Certificate for the WWW portion of the IIS/OWA server. For more information on creating and installing the key certificate, see the above listed article, Q218445.
  3. Start the Internet Service Manager (ISM), which loads the Internet Information Server snap-in for the Microsoft Management Console (MMC).
  4. In the MMC, right-click the directory IISADMPWD, and then click Properties.
  5. Click the Directory Security (or File Security) tab. Under Secure Communications, click the Edit button.
  6. Click to select the Require Secure Channel when accessing this resource" check box.
  7. Click OK twice to return to the MMC.

    NOTE: These steps are enough to allow password changes from within OWA using SSL. Continuing with the remaining steps will enable SSL on the entire OWA site.
  8. Repeat steps 4-7 for the Exchange Server virtual directory.
Any client's connection to any sites that have been SSL-enabled will require that a copy of the Root Certificate Authority (CA) Certificate to be installed in the client's browser. If you are using a commercial (VeriSign) Root CA Certificate, this is usually already done. However, if you are using your own Root CA Certificate (Microsoft Certificate Server), you will need to provide a link to install this. See the above-listed article, Q218445, for additional information on completing this.

SSL security on the Exchange Server virtual directory provides total encryption of all data sent to and from the client browsers. The client authentication methods provided by IIS (Allow Anonymous, Basic Clear Text, and NTLM) only affect the logon process. Enabling SSL also encrypts the data sent, including the logon process and the entire OWA session.

By enabling SSL on the Exchange Server virtual directory, you change the URL used to access OWA to HTTPS://servername/Exchange and browsers display the traditional padlock icon in the status bar.

References

218445 How to Configure Certificate Server for Use with SSL on IIS

Properties

Article ID: 234022 - Last Review: June 19, 2014 - Revision: 5.0
Keywords: 
kbhowto KB234022
Retired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com