SSL (Secure Sockets Layer) can look quite daunting if you've never had to implement it before. Realistically, it's quite simple. Some people only want SSL to allow users to change passwords, whilst others want to implement it to create a permanent secure connection. Here is a quick overview of how to implement it.

The main component of SSL is the security certificate, and this is where most people stop. Without going into the detail of setting up certificate servers, you can obtain a trial certificate from Verisign. Look for the link 'Free trial SSL ID' on their website, www.verisign.com, and follow the instructions on how to get your certificate. It's relatively straightforward, and IIS 5 provides you with plenty of easy-to-follow wizards. For now, I'll assume you have been sent a certificate.

  1. Open the IIS MMC.
  2. Select the Default Web Site.
  3. Open the properties of the Default Web Site.
  4. Select the Directory Security tab.
  5. In the Secure Communications section, click on the Server Certificate button.
  6. The wizard should open; click Next.

You should already have been through this wizard before to create your certificate to send to the authority.

  1. Select the option to import the certificate.
  2. Browse and select the file you created from the instructions sent by the certificate authority (Verisign).
  3. Enter a password for the key pair. This is the one you used before when initially creating the certificate.
  4. Commit the changes and click OK.

Now you have installed SSL on your server, but have not actually enabled it as such. You can test this out by browsing to your OWA using the https protocol: https://owaserver/exchange/<mailbox>.

Most people wish to implement SSL purely to enable users to change their passwords with OWA. We have installed SSL, but we still cannot change passwords. To do this we need to implement the IISADMPWD directory. Don't panic; it's most likely not showing under the Default Web Site. We need to create the virtual directory.

  1. Open the IIS MMC.
  2. Select the Default Web Site.
  3. Right-click, and select New / Virtual Directory.
  4. The wizard will open up. Click Next.
  5. Enter the Alias of IISADMPWD, and click Next.
  6. Enter the path to the IISADMPWD directory and click Next. This should be C:\WINNT\System32\Inetsrv\Iisadmpwd, though you may want to check it exists first. It should contain some files with an .htr extension.
  7. You need to select READ, RUN SCRIPT and EXECUTE ACCESS, then click Next.
  8. Click Finish.

Users can now change their passwords via OWA. For those who want to have the whole OWA connection protected by IIS, read on.

  1. Open the IIS MMC.
  2. Select the Default Web Site.
  3. Select the Exchange Virtual Directory and select the Properties.
  4. Select the Directory Security tab.
  5. In the Secure Communications section click on the Edit button.
  6. Click the box that specifies "Require Secure Channel (SSL)".
  7. Click OK, then OK.

Now clients can only access OWA using the https protocol, not http. The biggest problem here is that your clients have most probably been using OWA already, and now you need to inform them of the change. A simpler method is to redirect the original site to the new secure site. This is done quite simply by modifying one of the actual error messages.

Microsoft have explained this quite well, so to find out how to do this, read this article:

How to force SSL encryption for an OWA2000 client.
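
To confirm that "Require Secure Channel (SSL)" took effect, request the Exchange virtual directory over plain http and look at what comes back. The Python check below is an added example, not part of the original article; the result labels, the sample responses and the strings it looks for in the error page body (403.4, an https:// link in a customised page) are assumptions.

```python
import http.client
import sys


def classify_plain_http(status, headers, body=""):
    """Classify the answer to a plain-HTTP request for a path that should be SSL-only."""
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    if status in (301, 302, 303, 307, 308):
        if location.lower().startswith("https://"):
            return "redirected-to-https"
        return "redirected-elsewhere"
    if status == 403:
        # Assumption: the stock IIS "SSL required" error page mentions 403.4.
        if "403.4" in body:
            return "ssl-required"
        # Assumption: a customised error page points the browser at the https URL.
        if "https://" in body.lower():
            return "ssl-required-custom-page"
        return "forbidden-other"
    if status in (200, 401):
        # 200: content served in the clear. 401: the server invites a logon over http.
        return "not-enforced"
    return "unknown"


def probe(host, path="/exchange/", port=80, timeout=5):
    """Send one GET over plain http and classify the response."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read(4096).decode("latin-1", "replace")
        return classify_plain_http(resp.status, dict(resp.getheaders()), body)
    finally:
        conn.close()


# Constructed sample responses (status, headers, body) for offline use.
SAMPLES = {
    "before": (401, {"WWW-Authenticate": "Basic"}, ""),
    "after": (403, {}, "HTTP 403.4 - Forbidden: SSL required"),
    "custom": (403, {}, "<a href='https://owaserver/exchange/'>OWA</a>"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(probe(sys.argv[1]))  # e.g. python check.py owaserver
    else:
        for name, sample in SAMPLES.items():
            print(name, classify_plain_http(*sample))
```

A result of not-enforced means the directory still answers over http, so a logon prompt there would carry the user's credentials unencrypted.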

   


Disclaimer: Your use of the information contained in these pages is at your sole risk. All information on these pages is provided "as is", without any warranty, whether express or implied, of its accuracy, completeness, fitness for a particular purpose, title or non-infringement, and none of the third-party products or information mentioned in the work are authored, recommended, supported or guaranteed by Stephen Bryant or Pro Exchange. OutlookExchange.Com, Stephen Bryant and Pro Exchange shall not be liable for any damages you may sustain by using this information, whether direct, indirect, special, incidental or consequential, even if it has been advised of the possibility of such damages.

Copyright Stephen Bryant 2008