Installing your SSL Server Certificate - Microsoft Outlook Web Access 2000

When your certificate request has been approved, you will receive an email from the Registration Authority containing a link to the location where your certificate may be obtained.  Clicking this link opens a browser window that shows the details of your issued certificate and includes a section that looks something like the following:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----

and paste it into an appropriately named text file, e.g. myserver.cert
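
A structural check for the text saved in the step above, as an added Python example that is not part of the original instructions. It confirms both delimiter lines are present and the body is clean base64, and reports whether the block is a single certificate or a PKCS #7 bundle (the sample block shown above begins with the PKCS #7 signedData identifier). The function name and the sample mail text are assumptions made for illustration.

```python
import base64
import binascii
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# DER bytes of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData).
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")

# Constructed sample: mail text with CRLF line endings around a tiny
# ASN.1 SEQUENCE. It is not a real certificate.
SAMPLE = ("Your certificate:\r\n\r\n-----BEGIN CERTIFICATE-----\r\n"
          "MAMC\r\nAQU=\r\n-----END CERTIFICATE-----\r\nRegards\r\n")


def check_pasted_certificate(text):
    """Return (pem_block, kind) for the first certificate block in text.

    Structural check only: it does not verify the certificate itself.
    Raises ValueError if a delimiter line is missing, the body is not
    clean base64, or the decoded data is not an ASN.1 SEQUENCE.
    """
    text = text.replace("\r\n", "\n")
    start = text.find(BEGIN)
    if start == -1:
        raise ValueError("BEGIN CERTIFICATE line is missing")
    stop = text.find(END, start)
    if stop == -1:
        raise ValueError("END CERTIFICATE line is missing")
    # Base64 carries no whitespace; anything else (quote marks, an
    # elision such as "(.......)") is rejected by validate=True.
    b64 = re.sub(r"\s+", "", text[start + len(BEGIN):stop])
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not clean base64: {exc}") from exc
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not an ASN.1 SEQUENCE")
    # Skip the outer SEQUENCE header (short, long or indefinite length).
    header = 2 + (der[1] & 0x7F if der[1] > 0x80 else 0)
    bundle = der[header:].startswith(PKCS7_SIGNED_DATA)
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join([BEGIN] + lines + [END]) + "\n"
    return pem, ("pkcs7-bundle" if bundle else "certificate")


if __name__ == "__main__":
    pem, kind = check_pasted_certificate(SAMPLE)
    print(kind)
    print(pem, end="")
```

The returned block has normalised line endings and exactly one delimiter pair, so it can be written to the certificate file as is.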

Certificate Installation

  1. Open Internet Services Manager from your Administrative Tools.
  2. Open the Properties for the Web Site that is hosting OWA (normally the Default Web Site).
  3. Select the "Directory Security" tab and then click on the "Server Certificates" button.
  4. You will now be presented with the "Pending Certificate Request" dialogue box.
    Select "Process the pending request and install the certificate".
    Click Next.
  5. The "Process a Pending Request" dialogue box will appear.
    Navigate to the site certificate that you received and click Next.
  6. You will now be presented with the "Certificate Summary".
    Click Next.
  7. Next you will need to install the CA certificates; please follow the instructions for IIS 5.x / 6.x.

You have now installed the SSL certificate into your web site. The next step is to enable SSL for OWA, which is a pretty simple task.

  1. Using the Internet Services Manager, open the properties for the "Exchange" virtual directory.
  2. Select the "Directory Security" tab and then click on the "Edit" button in the Secure Communication section.
  3. In the "Secure Communications" dialogue box, check the box "Require Secure Channel (SSL)". You could also check the box "Require 128-bit encryption"; if you do, any browsers that do not support 128-bit encryption will be unable to connect to OWA.

When users enter http://ahost.adomain.com/exchange, they will receive an "HTTP 403.4 - Forbidden: SSL required Internet Information Services" error message, because OWA is configured to require SSL.  SSL uses the HTTPS protocol, so users would need to enter the URL as https://ahost.adomain.com/exchange.  Please see the Microsoft article regarding forcing the use of SSL with OWA: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q279681

One final step that you may need to take is to ensure that your firewall is configured to allow HTTPS (port 443 by default) to pass through.