SSL Encrypted Access to Exchange
- Exchange 2003
- ISA 2004
- Windows 2003
- Turn on SSL for the HTTP Virtual Server OWA is sitting on.
- Assign it a certificate.
- Make sure the certificate name matches the URL you're using.
I'm not sure if this next bit is entirely necessary but it didn't start working for me until I did it:
- In IIS, add a host header value. Make it the same as the URL your OWA is being published on.
Export the certificate you created for OWA:
- Right click on the virtual server in IIS
- Go to Directory Security
- Press "server certificate"
- Choose "Export", press next.
- Choose a path to save the exported cert to, press next.
- Enter a password, press next.
- Confirm the details, press next.
Go to the Proxy Server.
Import the certificate:
- Run MMC, Add/remove snap in, certificates.
- Manage certs for computer account on local computer.
- Browse to Trusted Root Certificates, Certificates.
- Right click on Certificates, press Import.
- Browse to wherever you saved the cert exported from the email server, enter the password.
Open the ISA console.
- Go to Firewall Policy.
- In the pane on the right side, choose toolbox.
- Go to Network Objects, web listeners.
- Create a new one.
- Give it a name (OWA SSL listener or something).
- Listen to requests from External network, press next.
- Disable HTTP, enable SSL on port 443.
- Choose the certificate you are going to use, press next.
- Press Finish.
- Still in the toolbox pane, right click the listener you just created and press properties.
- Go to preferences, authentication.
- Uncheck Basic and check OWA Forms-based.
- Press OK.
- Go to Tasks, press "Publish a mail server".
- Give the publishing rule a name ("OWA Access").
- Choose "web client access", press next.
- Choose OWA, press next.
- Leave enable high bit characters blah blah blah checked, press next.
- Choose Secure Connection to clients and mail server, press next.
- Enter the FQDN of your exchange server, press next.
- Choose "Accept requests for this domain name", type the domain you're going to access OWA with, press next.
- Choose the web listener you just created, press next.
- Apply rule to all users, press next.
- Press finish.
Browse to your webmail URL and, all being well, you should be able to get access.
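The name check behind "Make sure the certificate name matches the URL you're using", as an added example that is not part of the original post. It compares the host in the URL users type (the same name entered under "Accept requests for this domain name") with the names read from the certificate; the host names are constructed samples and the function names are hypothetical.

```python
from urllib.parse import urlsplit


def host_from_url(url):
    """Host part of the URL users type, lower-cased, without port or trailing dot."""
    host = urlsplit(url if "://" in url else "https://" + url).hostname
    if not host:
        raise ValueError(f"no host in {url!r}")
    return host.rstrip(".")


def name_matches(cert_name, host):
    """Compare one certificate name (subject CN or DNS SAN) with the host.

    A '*' is accepted only as the entire left-most label and covers exactly
    one label, so *.example.com matches mail.example.com but not example.com.
    """
    pattern = cert_name.strip().rstrip(".").lower()
    p_labels, h_labels = pattern.split("."), host.split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return "*" not in pattern and p_labels == h_labels


def check_published_url(url, cert_names):
    """Report which certificate names, if any, cover the published URL."""
    host = host_from_url(url)
    matched = [n for n in cert_names if name_matches(n, host)]
    return {"host": host, "ok": bool(matched), "matched": matched}


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    url = "https://mail.example.com/exchange"
    for names in (["exch01.corp.example.local"],   # cert issued to the internal server name
                  ["mail.example.com"],            # cert issued to the published name
                  ["*.example.com"]):              # wildcard covering the published name
        print(names, check_published_url(url, names))
```

A certificate issued to the Exchange server's internal name fails this check, and the browser shows a name mismatch warning on the published URL.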