One of the most important security-related tasks that you can perform for the Client Access server role is to configure an authentication method. The Client Access server role is installed with a default self-signed digital certificate. A digital certificate does two things:
- It authenticates that its holder is who or what they claim to be.
- It helps protect data exchanged online from theft or tampering.
Although the default, self-signed certificate is supported for Exchange ActiveSync and Outlook Web Access, it is not the most secure method of authentication. In addition, it is not supported for Outlook Anywhere. For additional security, consider configuring your Exchange 2007 Client Access server to use a trusted certificate from a third-party commercial certification authority (CA) or a trusted Windows public key infrastructure (PKI) CA. You can configure authentication separately for Exchange ActiveSync, Outlook Web Access, Outlook Anywhere, POP3, and IMAP4.
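The following Exchange Management Shell script is an added example, not part of this documentation topic: it audits the certificates enabled for the IIS service on the local Client Access server (the certificates that front Outlook Web Access, Exchange ActiveSync and Outlook Anywhere) and flags the default self-signed certificate, imminent expiry, and missing host names. The host names in `$ExpectedNames` are assumed placeholders; replace them with the names your clients actually connect to.

```powershell
# Added example (not from the Exchange documentation). Run in the Exchange
# Management Shell on an Exchange 2007 Client Access server.
# $ExpectedNames is an assumed placeholder list of client-facing host names.
$ExpectedNames = @('mail.example.com', 'autodiscover.example.com')

function Test-CasCertificate {
    param([string[]]$ExpectedNames)
    # Only certificates enabled for IIS matter for OWA, ActiveSync and Outlook Anywhere.
    Get-ExchangeCertificate | Where-Object { "$($_.Services)" -match 'IIS' } | ForEach-Object {
        $cert = $_
        $findings = @()
        if ($cert.IsSelfSigned) {
            # The default certificate: clients do not trust it and Outlook Anywhere does not support it.
            $findings += 'Self-signed (default certificate): replace with a trusted CA certificate'
        }
        if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
            $findings += "Expires $($cert.NotAfter.ToShortDateString())"
        }
        # Exact-name comparison only; wildcard names in the certificate are not expanded here.
        $names = @($cert.CertificateDomains | ForEach-Object { "$_" })
        $missing = @($ExpectedNames | Where-Object { $names -notcontains $_ })
        if ($missing.Count -gt 0) {
            $findings += "Missing names: $([string]::Join(', ', $missing))"
        }
        $summary = if ($findings.Count -gt 0) { [string]::Join('; ', $findings) } else { 'OK' }
        $result = $cert | Select-Object Thumbprint, Subject, Issuer, Services, NotAfter
        $result | Add-Member -MemberType NoteProperty -Name Findings -Value $summary
        $result
    }
}

Test-CasCertificate -ExpectedNames $ExpectedNames | Format-Table -AutoSize
```

Any row whose Findings column is not `OK` identifies a certificate to replace or renew before relying on it for Outlook Anywhere or external client access.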
For more information about how to configure authentication, see the following topics: