Exchange & Outlook Web Access (OWA) SSL Instructions
Exchange 2000 & 2003
Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate from ipsCA
Your certificate will be sent to you by email. The body of the email
message contains the web server certificate that you purchased.
Copy your web server certificate into a text editor such as
Notepad and save it as yourdomain.cer.
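A certificate copied out of an email body is easily damaged (quote markers, a dropped line, a missing BEGIN/END marker), and the IIS wizard will then reject the file. The following check is an added example, not part of the original ipsCA instructions; it assumes the certificate is PEM (Base64) text, and the names check_pasted_cert and make_sample are hypothetical. It checks framing only, not the signature or chain.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_pasted_cert(text):
    """Return a list of problems in a pasted PEM certificate ([] = framing is sound)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        return ["file is empty"]
    problems = []
    if any(ln.startswith(">") for ln in lines):
        problems.append("email quote markers ('>') were copied with the text")
    if lines[0] != BEGIN:
        problems.append("first line is not the BEGIN CERTIFICATE marker")
    if lines[-1] != END:
        problems.append("last line is not the END CERTIFICATE marker")
    if problems:
        return problems
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except (binascii.Error, ValueError):
        return ["body is not valid Base64 (stray or missing characters)"]
    # A certificate is a single DER SEQUENCE (tag 0x30); its encoded length
    # must account for every remaining byte, so a dropped line shows up here.
    if len(der) < 2 or der[0] != 0x30:
        return ["decoded data does not start with a DER SEQUENCE"]
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return ["unsupported or truncated DER length field"]
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        return [f"DER length says {header + length} bytes, file has {len(der)}"]
    return []

def make_sample():
    """Constructed stand-in: valid armor and DER framing, not a real certificate."""
    der = bytes([0x30, 0x82, 0x01, 0x2C]) + bytes(300)
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n"
```

To check a real file, pass the contents of yourdomain.cer to check_pasted_cert before starting the IIS wizard; an empty list means the text survived the copy intact.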
Installing your web server certificate:
1. Start IIS and right click Default Web Site and select Properties from the
menu.

2. When the Properties appear, click on the Directory
Security tab.
3. Click on Server Certificate and follow the on-screen wizard:
• Ensure that you select Process the pending request and install the
certificate. Click Next.
• Locate the yourdomain.cer file when prompted to locate your web server
certificate. Click Next.
• Review the summary screen and ensure that you are processing the correct
certificate. Click Next.
• Click Next on the confirmation screen.
4. Make sure that you have assigned Port 443 as the
SSL port for https for your site. To do this, right click Properties for your
website and make sure that 443 has been entered into the SSL port
box:

Test your certificate by connecting to your server. Use the
https protocol directive (e.g. https://your server/) to indicate you wish to use
secure HTTP. The padlock icon on your Web browser will be displayed in the
locked position if you have set up your site properly.
Now activate SSL for your Exchange Virtual Directory:
1. Using the Internet Services Manager, open the
properties for the Exchange virtual directory.
2. Select the Directory Security tab and then click on the Edit button in the
Secure Communication section.
3. In the Secure Communications dialogue box, check the box Require Secure
Channel (SSL). You could also check the box Require 128-bit encryption; if you
do check the 128-bit checkbox, any browsers that do not support 128-bit
encryption will be unable to connect to OWA.
Now when users enter
http://www.yourdomain.com/exchange, they will receive an "HTTP 403.4 -
Forbidden: SSL required Internet Information Services" error message, because we
have configured OWA to require SSL. SSL uses the HTTPS protocol, so users would
need to enter the URL as https://www.yourdomain.com/exchange.
More information to force SSL only connections:
Microsoft has written an article about
forcing the use of SSL with OWA:
http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q279681
One final step that you may need to take is to ensure that
your Firewall / router is configured to allow HTTPS (port 443 by default) to
pass through.
Backing up your key pair file
Creating your Snap-in Management Console
Certificate Snap-in consoles (MMC) are not preconfigured.
You will need to configure the Snap-in before you can perform any Export/Import
functionality. To configure your Snap-in, follow the steps below. The system
administrator will have to create the console.
1.- Go to Start. Select Run, Type mmc and click OK.
This will bring up an empty console with no management functionality.
2.- Click on Console and select Add/Remove Snap-in.
3.- The Snap-ins added to box will list only the Console Root.
Click Add.
4.- Select Certificates and then click Add.
5.- Select Computer Account.
6.- Click on Finish.
7.- Click Close.
8.- Click on OK.
Managing your certificates
1.- Go to the Microsoft Management Console (MMC) and add the
Snap-in for Certificates.
2.- Select the folders
Console Root\Certificates (Local Computer)\Personal\Certificates.
3.- Right click on the certificate to export.