256-bit SSL Digital Web Certificates
Securing Your Outlook Web Access 2000 Implementation Using SSL
Certificate Installation
- Open Internet Services Manager from your Administrative Tools.
- Open the Properties for the Web Site that is hosting OWA (normally
the Default Web Site).
- Select the "Directory Security" tab and then click on
the "Server Certificates" button.
- You will now be presented with the "Pending Certificate Request"
dialogue box. Select "Process the pending request and
install the certificate" and click Next.
- The "Process a Pending Request" dialogue box will appear.
Navigate to the site certificate that you received and click
Next.
- You will now be presented with the "Certificate Summary".
Click Next.
- Next you will need to install the intermediate certificate.
Please follow the instructions at: http://certs.centurywebdesign.co.uk/support/cert_installation/iis5.html
You have now installed the SSL certificate on your web site. The
next step is to enable SSL for OWA, which is a pretty simple task.
- Using the Internet Services Manager, open the properties for the
"Exchange" virtual directory.
- Select the "Directory Security" tab and then click on the
"Edit" button in the Secure Communication section.
- In the "Secure Communications" dialogue box, check
the box "Require Secure Channel (SSL)". You can also check
the box "Require 256-bit encryption"; if you do check the
256-bit checkbox, any browsers that do not support 256-bit encryption will be
unable to connect to OWA.
When users enter http://ahost.adomain.com/exchange, they will receive an
"HTTP 403.4 - Forbidden: SSL required Internet Information
Services" error message, because OWA is configured to require SSL. SSL
uses the HTTPS protocol, so users need to enter the URL as
https://ahost.adomain.com/exchange. Please see the Microsoft article regarding
forcing the use of SSL with OWA: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q279681
One final step that you may need to take is to ensure that your firewall is
configured to allow HTTPS (port 443 by default) to pass through.
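To confirm the result from a client outside the firewall, the following added example (not part of the original article) checks that plain HTTP to /exchange is refused with 403, that port 443 is reachable, and that the certificate chain, including the intermediate certificate, validates. The function names and the choice of Python are assumptions made for this example.

```python
import http.client
import socket
import ssl
import sys

def http_requires_ssl(host, port=80, path="/exchange", timeout=5):
    """True if plain HTTP to the OWA path is answered with 403."""
    # IIS reports the .4 sub-status in the error page, not in the status line.
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 403
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def https_port_open(host, port=443, timeout=5):
    """True if a TCP connection to the HTTPS port succeeds (firewall passes it)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def chain_validates(host, port=443, timeout=5):
    """True if the TLS handshake passes chain and host-name verification."""
    # A site certificate served without its intermediate usually fails here.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # ssl.SSLError and timeouts are OSError subclasses
        return False

def verify_owa(host, http_port=80, https_port=443, path="/exchange"):
    """Run all three checks and return the results by name."""
    return {
        "http_refused": http_requires_ssl(host, http_port, path),
        "https_port_open": https_port_open(host, https_port),
        "chain_validates": chain_validates(host, https_port),
    }

if __name__ == "__main__":
    # ahost.adomain.com is the article's example host name.
    target = sys.argv[1] if len(sys.argv) > 1 else "ahost.adomain.com"
    for check, passed in verify_owa(target).items():
        print(f"{check}: {'ok' if passed else 'FAILED'}")
```

A current Python/OpenSSL build may reject the older protocol versions an IIS 5 server offers, so a failed `chain_validates` can also indicate a protocol mismatch rather than a missing intermediate certificate.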