Using SSL with Outlook Web Access

One of the most frequent questions I see posted to both the 2000trainers.com newsgroup and the Microsoft public newsgroups is about setting up OWA (Outlook Web Access) to use SSL for security. This is especially important in a scenario where you are using a Front-end/Back-end configuration as Front-end servers only support basic authentication. This might not seem like a big deal at first, but when you realize that this means that information is being sent across the wire in an unencrypted format, you can see how important this becomes. Some administrators also want to be able to *force* users to a secure connection, rather than manually requiring them to type it in. Finally, a lot of folks want to use the functionality included with OWA that allows you to change a users domain password. We are also going to cover all of this, but be aware that this last step does require you to use SSL on your OWA server. Having said all that we will begin by actually enabling SSL on the Exchange Virtual Server. In order to do this, I used a digital certificate from my own CA that I installed into my network. You can get your certificate from a local CA or from any of the CA’s that exist out on the internet. Where the digital certificate comes from isn’t important. Installing it into the Exchange Virtual Server to enable SSL for OWA is what is important to us. We start by going into the Default Virtual Web Server through Internet Services Manager, as you can see in Figure 1.

Next up we go into the properties of the Default Web Server, as you can see in Figure 2.

From there, we go to the Directory Security Tab and select to install a new digital certificate. This launches the certificate wizard as you can see in Figure 3.Once you have stepped through the wizard you should be able to go in and view the properties of the new digital certificate that you have installed as you can see from Figure 4. If you would like an actual walk through of the Certificate Wizard you can find it here.