XCCC: Turning On SSL for Exchange 2000 Server Outlook Web Access (320291)



The information in this article applies to:

  • Microsoft Exchange 2000 Server
  • Microsoft Exchange 2000 Enterprise Server

This article was previously published under Q320291

SUMMARY

You can use Secure Sockets Layer (SSL) to secure communication between clients (Web browsers) and a Microsoft Outlook Web Access (OWA) server. SSL encrypts all of the data that is sent over the network. This data includes logon credentials and mailbox and public folder items. SSL is the preferred, standard method to secure communication over the Internet.

MORE INFORMATION

To turn on SSL on the Exchange 2000 virtual roots:
  1. Obtain an SSL certificate. You can purchase a certificate from a number of third-party certification authorities. This is the preferred method because many of these certification authorities are already trusted by the majority of browsers. You can also use Microsoft Certificate Server to install your own certification authorities.
  2. Configure your SSL certificate in Microsoft Internet Information Services (IIS):
    1. Start Internet Services Manager, which loads the Internet Information Server Microsoft Management Console (MMC) snap-in.
    2. In the Internet Information Server MMC snap-in, right-click the Web site that contains the Exchange 2000 virtual roots, and then click Properties.
    3. Click the Directory Security tab.
    4. Under Secure communications, click Server Certificate to start the Web Server Certificate Wizard. You can use the Web Server Certificate Wizard to configure the certificate, based on the information that your certification authority provided.

      NOTE: At this point, users can use OWA over SSL by browsing to the following Web site:

      https://server_name/Exchange

  3. If you want to enforce the use of SSL, you can require secure channel communication on each Exchange 2000 virtual root:
    1. In the Internet Information Server MMC snap-in, click the Exchange 2000 virtual root that you want to secure (for example, click Exchange or Public).
    2. Right-click the virtual root, and then click Properties.
    3. Click the Directory Security tab.
    4. Under Secure communications, click Edit.
    5. Click to select the Require secure channel(SSL) check box.
NOTE: If you want to enforce the use of SSL, complete step 3 for each Exchange 2000 virtual root. By default, the virtual roots include the "Exchange" and "Public" virtual directories. However, the virtual roots may differ depending on your configuration.

NOTE: SSL cannot be required on a back-end server's 'exchange' virtual directory in a front-end/back-end configuration. Only the front-end server can require SSL, and it always proxies the request to the back-end server on port 80.

Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kbhowto KB320291