"Secure web based mail through OWA (Outlook Web Access)"

"Why implementing SSL in OWA is essential"

If you haven't yet implemented Outlook Web Access (OWA) with Secure Sockets Layer (SSL), you should!. OWA sessions aren't encrypted by default, and the communication between the Exchange server and the end-user browser is in clear text. Adding SSL to your OWA sessions ensures end-to-end encryption for the duration of the session. Your mobile sales force can securely and effectively work from any location, hotels, cyber cafes, in fact wherever they need to access e-mail!

Show me the leading providers who offer certificates for OWA

SSL Certificate Installation Instructions

Microsoft Outlook Web Access

Copy your web server certificate into a text editor such as notepad including the header and footer. You should then have a text file that looks like:

-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----

Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added. Copy your web server certificate into a text editor such as notepad and save as mydomain.cer.

Installing your web server certificate
  1. Start IIS and right click Default Web Site and select Properties from the menu.
  2. When the Properties appear, click on the Directory Security tab.
  3. Click on Server Certificate and follow the on screen wizard:
    • Ensure that you select Process the pending request and install the certificate. Click Next.
    • Locate the mydomain.cer file when prompted to locate your webserver certificate. Click Next.
    • Review the summary screen and ensure that you are processing the correct certificate. Click Next.
    • Click Next on the confirmation screen.
  4. Make sure that you have assigned Port 443 as the SSL port for https for your site. To do this, right click Properties for your website and make sure that 443 has been entered into the SSL port box:

Test your certificate by connecting to your server. Use the https protocol directive (e.g. https://mydomain/) to indicate you wish to use secure HTTP. The padlock icon on your Web browser will be displayed in the locked position if you have set up your site properly.

Now activate SSL for your Exchange Virtual Directory:

  1. Using the Internet Services Manager, open the properties for the Exchange virtual directory.
  2. Select the Directory Security tab and the click on the Edit button in the Secure Communication section.
  3. In the Secure Communications dialogue box, check the box Require Secure Channel (SSL), you could also check the box Require 128-bit encryption, if you do check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA.

Now when users enter http://www.mydomain.com/exchange, they will receive an "HTTP 403.4 - Forbidden: SSL required Internet Information Services" error message, because we have configured OWA to require SSL. SSL uses the HTTPS protocol, so users would need to enter the url as https://www.mydomain.com/exchange.

More information to force SSL only connections:

Microsoft has written an article about forcing the use of SSL with OWA: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q279681

One final step that you may need to take is to ensure that your Firewall / router is configured to allow HTTPS (port 443 by default) to pass through.

Show me the leading providers who offer certificates for OWA

"High or Low Assurance"

"test your own site now.."

Select a browser:

I want to know

Tip: See what your competitors use!