- Register a Root Certificate Authority (CA) Certificate on the Internet Information Server (IIS) computer that OWA is installed on. For more information on setting up a CA Certificate, see the following article in the Microsoft Knowledge Base:
- Create and install a Key Certificate for the WWW portion of the IIS/OWA server. For more information on creating and installing the key certificate, see the above listed article, Q218445.
- Start the Internet Service Manager (ISM), which loads the Internet Information Server snap-in for the Microsoft Management Console (MMC).
- In the MMC, right-click the directory IISADMPWD, and then click Properties.
- Click the Directory Security (or File Security) tab. Under Secure Communications, click the Edit button.
- Click to select the Require Secure Channel when accessing this resource" check box.
- Click OK twice to return to the MMC.
NOTE: These steps are enough to allow password changes from within OWA using SSL. Continuing with the remaining steps will enable SSL on the entire OWA site.
- Repeat steps 4-7 for the Exchange Server virtual directory.
SSL security on the Exchange Server virtual directory provides total encryption of all data sent to and from the client browsers. The client authentication methods provided by IIS (Allow Anonymous, Basic Clear Text, and NTLM) only affect the logon process. Enabling SSL also encrypts the data sent, including the logon process and the entire OWA session.
By enabling SSL on the Exchange Server virtual directory, you change the URL used to access OWA to HTTPS://servername/Exchange and browsers display the traditional padlock icon in the status bar.
Article ID: 234022 - Last Review: Jun 19, 2014 - Revision: 1