Configuring SSL for Outlook Web Access

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

Secure Sockets Layer (SSL) encryption is used in Microsoft Office Outlook Web Access to help secure the connection between the computer that is running Microsoft Exchange Server 2007 that has the Client Access server role installed and the client. By default, Outlook Web Access uses forms-based authentication and requires SSL encryption.

SSL Encryption and Outlook Web Access

When you install the Client Access server role, four Outlook Web Access virtual directories are created in the default Internet Information Services (IIS) Web site on the Exchange server. The four virtual directories are named \owa, \exchange, \public, and \exchweb. By default, these virtual directories and the default Web site are configured to require SSL.

If you want to use SSL to help secure additional Outlook Web Access virtual directories or Web sites that you have created, you must do so manually. To configure a site to use SSL, you must obtain a certificate and configure the Web site or virtual directory to require SSL by using that certificate.

For more information, see How to Configure Outlook Web Access Virtual Directories to Use SSL.