How do I configure OWA to use SSL?
Outlook Web Access (or OWA for short) is one of Exchange Server's best features, allowing you to connect to your corporate mailbox from virtually any spot on earth as long as you have an Internet connection and a decent web browser.
You can read more about OWA in the featured links at the bottom of this article.
OWA transmits traffic to and from the web browser over HTTP (based upon TCP, port 80) and in clear text, meaning that anyone on the network path could potentially "listen" to the conversation, capture frames and grab valuable information from them.
To secure the transmission of information between Exchange Server 2003 and Outlook Web Access clients, you can encrypt the information being transmitted by using SSL (Secure Sockets Layer).
To configure SSL for Outlook Web Access on Exchange Server 2003, complete the following steps:
Note: Although the screenshots are made with Exchange 2003 on Windows Server 2003, the same procedure applies for Exchange 2000 and Windows 2000.
Note: If you already have a valid certificate for your website, skip this phase and continue at the next one.
Note: If you don't have a Certificate Authority (CA) installed on your server or on a different server on the network, you can prepare the request but you'll need to manually send it to the CA. You can try this link for some more information (thank you Abid Ali for the link):
Installing and Configuring a Windows Server 2003 Stand-alone Certification Authority
Important note – Internet use: You must make sure that either the Name or the Common Name fields (one of them or both of them) exactly match the external FQDN of the website. For example, if your server's NetBIOS name is SERVER1, and it is located in the MYINTERNALDOM.LOCAL domain, but it will host a website that will require users to enter WWW.KUKU.CO.IL to reach it, you must then use WWW.KUKU.CO.IL as the Name or Common Name in the certificate request wizard, and DO NOT use SERVER1.MYINTERNALDOM.LOCAL.
Important note – Intranet use: For Intranet-only purposes you CAN use the internal FQDN of the server, or even just its NetBIOS name. For example, if your server's NetBIOS name is SERVER1, and it is located in the MYINTERNALDOM.LOCAL domain, you can use SERVER1.MYINTERNALDOM.LOCAL or just SERVER1 for the Name or the Common Name fields.
You can also change the Bit Length for the encryption key if you want.
Note: If EDIT is grayed out then you did not successfully install a certificate for the Default Web Site. Go back to the beginning of the article and follow my instructions.
To test your new settings, open a browser and type your server
Note: Make sure you've followed the important note in step #9 above.
Since you still used HTTP (plain text HTTP, using TCP port 80) you'll get the following error message:
Now re-type the URL by using HTTPS instead of HTTP. You should be able to view the OWA website.
You might receive a Security Alert window. Click Ok.
If configured correctly, you should be able to log into your mailbox by either using the currently supplied credentials (i.e. there will be no need to actually enter any username or password), or by entering the right username in the form of DOMAIN\USERNAME and then the password.
To verify that you're using SSL, look for a small yellow lock icon in the lower right corner of the browser. Double-click the lock icon.
A Certificate window will open. Review the information that is entered into the certificate and click Ok.
Note: Make sure you renew your certificate a few weeks before it expires in order to prevent mishaps like this one: Expired SSL Website Certificate.
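The two certificate checks this article stresses (the Common Name must exactly match the name users type, and the certificate must be renewed a few weeks before it expires) can be scripted. The following is an added example, not part of the original article; the function names, the 21-day renewal window and the sample certificates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample certificates, in the dict shape ssl.getpeercert() returns.
SAMPLE_INTERNAL = {"subject": ((("commonName", "SERVER1.MYINTERNALDOM.LOCAL"),),),
                   "notAfter": "Jun 15 12:00:00 2030 GMT"}
SAMPLE_EXTERNAL = {"subject": ((("commonName", "WWW.KUKU.CO.IL"),),),
                   "notAfter": "Jun 15 12:00:00 2030 GMT"}

def cert_names(cert):
    """Subject Common Name plus any DNS subjectAltName entries, lower-cased."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return [n.lower() for n in names]

def check_cert(cert, url_host, now=None, renew_days=21):
    """Return a list of problems; an empty list means the certificate passes."""
    now = now or datetime.now(timezone.utc)
    problems = []
    # Exact, case-insensitive match only; wildcard names are not handled here.
    if url_host.lower() not in cert_names(cert):
        problems.append(f"name mismatch: users type {url_host}, "
                        f"certificate names {cert_names(cert)}")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]),
                                     timezone.utc)
    days_left = (expires - now).days
    if days_left < 0:
        problems.append("expired")
    elif days_left < renew_days:  # assumed reading of "a few weeks"
        problems.append(f"renew now: {days_left} days left")
    return problems

def fetch_cert(host, port=443):
    """Fetch the live certificate. Assumes the issuing CA is trusted on this machine."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name matching is done by check_cert instead
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    now = datetime(2030, 6, 1, tzinfo=timezone.utc)  # fixed date for the samples
    print(check_cert(SAMPLE_INTERNAL, "WWW.KUKU.CO.IL", now=now))
    print(check_cert(SAMPLE_EXTERNAL, "WWW.KUKU.CO.IL", now=now))
```

Against a live server, pass the result of `fetch_cert(host)` to `check_cert` together with the host name users actually type in the browser.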