That was the easy part. Now that we have our certificate installed, we first want to make certain that our clients using OWA can connect using SSL. Once we verify SSL connectivity is working, we are going to automate the process so that even if a user doesn’t type in HTTPS: they will be redirected to the secure link without having to type anything in. Finally, we will configure IIS to allow an OWA user to change their domain password. To start off we want to verify that HTTPS works, so we type in the URL HTTPS://exchangeservername/exchange and verify that we can get to our mailbox. As you can see from Figure 5, everything is working fine.The only problem at this point is that a user can still access their mailbox using an unsecured link as well. Take a look at Figure 6 and you will see what I mean.
So the problem here is that although we have SSL enabled users are still able to access their mailboxes using an unsecured link. This obviously is undesirable because we can’t count on our users to remember to type in HTTPS when they attempt to access their mailboxes through OWA. Luckily, we don’t have to rely on the users doing this.