How do I configure OMA to use SSL?
Outlook Mobile Access (or OMA for short) is a new feature found in Exchange Server 2003 that allows you to connect to your mailbox by means of almost any mobile phone or mobile device–based browsers that support HTML, XHTML, or Compact Hypertext Markup Language (cHTML). These include a wide variety of mobile devices such as mobile phones, Palm OS based devices and Pocket PC based devices.
You can read more about OMA in the featured links at the bottom of this article.
OMA transmits traffic to and from the web browser on the mobile device in HTTP (based upon TCP, port 80) and in clear text, meaning that anyone could potentially “listen” to your talk and grab frames and valuable information from the net.
To secure the transmission of information between Exchange Server 2003 and Outlook Mobile Access (OMA) clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer).
To configure SSL for Outlook Mobile Access on Exchange Server 2003 complete the following steps:
Important note – Internet use: You must make sure that either the Name or the Common Name fields (one of them or both of them) exactly match the external FQDN of the website. For example, if your server‘s NetBIOS name is SERVER1, and it is located in the MYINTERNALDOM.LOCAL domain, but it will host a website that will require users to enter WWW.KUKU.CO.IL to reach it, you must then use WWW.KUKU.CO.IL as the Name or Common Name in the certificate request wizard, and DO NOT use SERVER1.MYINTERNALDOM.LOCAL.
Important note – Intranet use: For Intranet-only purposes you CAN use the internal FQDN of the server, or even just it‘s NetBIOS name. For example, if your server‘s NetBIOS name is SERVER1, and it is located in the MYINTERNALDOM.LOCAL domain, you can use SERVER1.MYINTERNALDOM.LOCAL or just SERVER1 for the Name or the Common Name fields.
You can also change the Bit Length for the encryption key if you want.
Note: If EDIT is grayed out then you did not successfully install a certificate for the Default Web Site. Go back to the beginning of the article and follow my instructions.
To test your new settings connect your mobile device to the Internet (or to your corporate LAN), open a browser and type your server‘s FQDN (or NetBIOS name, if on the LAN) + /OMA in the address bar (for example: http://server200/oma).
Note: Make sure you‘ve followed the important note in step #9 above.
Since you still used HTTP (plain text http, using TCP port 80) you‘ll get the following error message:
Now re-type the URL by using HTTPS instead of HTTP. You should be able to view the OWA website.
Note: The above example is shown from a Pocket Explorer emulator, but is should look the same on your mobile phone or Palm OS/Pocket PC device.
If configured correctly, you should be able to log into your mailbox by entering the right username in the form of DOMAIN\USERNAME and then the password.
After successfully authenticating you can access your mailbox.
Note: Make sure you renew your certificate a few weeks before it expires in order to prevent mishaps like this one: Expired SSL Website Certificate.
That‘s it, you‘re set up and ready to go.
You may find these related articles of interest to you: