Share via


Enable or Disable SSL on Exchange Web Services Virtual Directories

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Exchange Web Services virtual directories help you manage calendar sharing and other functionality that's useful for your end users and server applications. An Exchange Web Services virtual directory is created by default on each Exchange computer that's running the Client Access server role. SSL is enabled by default on Exchange Web Services virtual directories. For more information about Exchange Web Services virtual directories, see Understanding Exchange Web Services Virtual Directories.

Important

SSL should be enabled for each Client Access server in your organization if you don't have an SSL offloading device and want to maintain secure communications between client and server. If you want to enable SSL offloading, you must disable SSL on each Client Access server in your organization for which you want to enable SSL offloading.
If your Client Access servers are running Exchange Server 2010 Service Pack 1 (SP1) or a later version, you can disable or enable SSL on an Exchange Web Services virtual directory by making a configuration change in Internet Information Services (IIS) Manager. However, if you’re running Exchange 2010 RTM, you must make a configuration change in IIS Manager and also in a configuration file that's located in the Exchange 2010 installation directory.

Looking for other management tasks related to Exchange Web Services virtual directories? Check out the Exchange Web Services virtual directory cmdlets referenced in the Client Access Cmdlets topic.

What Do You Want to Do?

  • Disable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 SP1 or a later version

  • Disable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 RTM

  • Enable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 SP1 or a later version

  • Enable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 RTM

Disable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 SP1 or a later version

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange Web Services permissions" entry in the Client Access Permissions topic.

  1. Open IIS Manager and turn off SSL on the Exchange Web Services virtual directory using the following steps:

    1. In the console tree, click the plus sign (+) next to each of the following folders to show the EWS node: Server Name > Sites > Default Web Site.

    2. In the console tree, select EWS.

    3. In the result pane, under IIS, double-click SSL Settings.

    4. Make sure the Require SSL check box is cleared.

  2. Perform this procedure on each Client Access server in your organization.

Disable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 RTM

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange Web Services permissions" entry in the Client Access Permissions topic.

  1. Open IIS Manager and turn off SSL on the Exchange Web Services virtual directory using the following steps:

    1. In the console tree, click the plus sign (+) next to each of the following folders to show the EWS node: Server Name > Sites > Default Web Site.

    2. In the console tree, select EWS.

    3. In the result pane, under IIS, double-click SSL Settings.

    4. Make sure the Require SSL check box is cleared.

  2. Edit the configuration file in the directory in which you installed Exchange 2010.

    Warning

    Save a copy of the configuration file before you begin the procedure. That way, you can revert to the original file if you make any errors while you're modifying the file.

    1. Go to C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews, where C:\ is the directory in which you installed Exchange 2010.

    2. In Notepad or another .xml editing tool, open the web.config file.

    3. Change all occurrences of the term httpsTransport to httpTransport.

    4. Save changes to web.config.

  3. Perform this procedure on each Client Access server in your organization.

Enable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 SP1 or a later version

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange Web Services permissions" entry in the Client Access Permissions topic.

  1. Open IIS Manager and turn on SSL on the Exchange Web Services virtual directory using the following steps:

    1. In the console tree, click the plus sign (+) next to each of the following folders to show the EWS node: Server Name > Sites > Default Web Site.

    2. In the console tree select EWS.

    3. In the result pane, under IIS, double-click SSL Settings.

    4. Make sure the Require SSL check box is selected.

  2. Perform this procedure on each Client Access server in your organization.

Enable SSL on an Exchange Web Services virtual directory on a Client Access server running Exchange 2010 RTM

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange Web Services permissions" entry in the Client Access Permissions topic.

  1. Open IIS Manager and turn on SSL on the Exchange Web Services virtual directory using the following steps:

    1. In the console tree, click the plus sign (+) next to each of the following folders to show the EWS node: Server Name > Sites > Default Web Site.

    2. In the console tree select EWS.

    3. In the result pane, under IIS, double-click SSL Settings.

    4. Make sure the Require SSL check box is selected.

  2. Edit the configuration file in the directory to which you installed Exchange 2010.

    Warning

    Save a copy of the configuration file before you begin the procedure. That way, you can revert to the original file if you make any errors while you're modifying the file.

    1. Go to the C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\exchweb\ews, where C:\ is the directory in which you installed Exchange 2010.

    2. In Notepad or another .xml editing tool, open the web.config file.

    3. Change all occurrences of the term httpTransport to httpsTransport.

    4. Save changes to web.config file.

  3. Perform this procedure on each Client Access server in your organization.

 © 2010 Microsoft Corporation. All rights reserved.