SSL Encrypted Access to Exchange

  • Exchange 2003
  • ISA 2004
  • IIS6
  • Windows 2003

  • Turn on SSL for the HTTP virtual server that OWA is sitting on.
  • Assign it a certificate.
  • Make sure the certificate name matches the host name in the URL you're using.

I'm not sure if this next bit is entirely necessary but it didn't start working for me until I did it:

  • In IIS, add a host header value. Make it the same as the URL your OWA is being published on.

Export the certificate you created for OWA:

  • Right click on the virtual server in IIS
  • Go to Directory Security
  • Press "server certificate"
  • Choose "Export", press next.
  • Choose a path to save the exported cert to, press next.
  • Enter a password, press next.
  • Confirm the details, press next.

Go to the Proxy Server.

Import the certificate:

  • Run MMC, Add/remove snap in, certificates.
  • Manage certs for computer account on local computer.
  • Browse to Trusted Root Certificates, Certificates.
  • Right click on Certificates, press Import.
  • Browse to wherever you saved the cert you exported from the mail server, and enter the password.

Open the ISA console.

  • Go to Firewall Policy.
  • In the pane on the right side, choose toolbox.
  • Go to Network Objects, web listeners.
  • Create a new one.
  • Give it a name (OWA SSL listener or something).
  • Listen to requests from External network, press next.
  • Disable HTTP, enable SSL on port 443.
  • Choose the certificate you are going to use, press next.
  • Press Finish.
  • Still in the toolbox pane, right click the listener you just created and press properties.
  • Go to preferences, authentication.
  • Uncheck Basic and check OWA Forms-based.
  • Press OK.
  • Go to Tasks, press "Publish a mail server".
  • Give the publishing rule a name ("OWA Access").
  • Choose "web client access", press next.
  • Choose OWA, press next.
  • Leave "Enable high bit characters" (and the other defaults) checked, press next.
  • Choose Secure Connection to clients and mail server, press next.
  • Enter the FQDN of your exchange server, press next.
  • Choose "Accept requests for this domain name", type the domain you're going to access OWA with, press next.
  • Choose the web listener you just created, press next.
  • Apply rule to all users, press next.
  • Press finish.

Browse to your webmail URL and, all being well, you should be able to get access.
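Two of the steps above are easy to get subtly wrong: the certificate name must cover the host name in the webmail URL, and the "Accept requests for this domain name" value on the publishing rule must be that same host name. The following added checker (not part of the original wiki page, and not an ISA or Exchange tool) takes the webmail URL, the names on the certificate and the domain entered on the rule, and reports any mismatch, including wildcard certificates that are matched the way browsers match them; the host names in the test are constructed examples.

```python
from urllib.parse import urlsplit


def hostname_matches(pattern: str, host: str) -> bool:
    """Match a certificate name against a host name the way browsers do:
    case-insensitive, and a wildcard is only honoured as the whole
    leftmost label, covering exactly one label ('*.example.com' matches
    'webmail.example.com' but not 'example.com' or 'a.b.example.com')."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    plabels, hlabels = pattern.split("."), host.split(".")
    return len(plabels) == len(hlabels) and plabels[1:] == hlabels[1:]


def check_owa_publishing(url: str, cert_names: list, accepted_domain: str) -> list:
    """Return a list of problems with the three names that have to line up:
    the URL users type, the names on the listener's certificate, and the
    domain the publishing rule accepts. An empty list means they agree."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    problems = []
    # The listener has HTTP disabled, so only https URLs can work.
    if parts.scheme != "https":
        problems.append("listener only accepts SSL on 443: URL must use https")
    if not host:
        problems.append("URL has no host name")
    elif not any(hostname_matches(name, host) for name in cert_names):
        problems.append(f"certificate names {cert_names} do not cover {host!r}")
    if accepted_domain.lower().rstrip(".") != host:
        problems.append(
            f"publishing rule accepts {accepted_domain!r} but the URL host is {host!r}"
        )
    return problems


if __name__ == "__main__":
    # Constructed example values, not taken from any real deployment.
    for problem in check_owa_publishing(
        "http://mail.example.com/exchange", ["webmail.example.com"], "webmail.example.com"
    ):
        print("PROBLEM:", problem)
```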