How to Configure Outlook Web Access Virtual Directories to Use SSL
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-03-15
This topic explains how to use Internet Information Services (IIS) Manager to configure Microsoft Office Outlook Web Access virtual directories to use Secure Sockets Layer (SSL). By default, when you install the Client Access server role on a server that is running Microsoft Exchange Server 2007, four Outlook Web Access virtual directories are created in the default IIS Web site on the Exchange server. The four virtual directories are named \owa, \exchange, \public, and \exchweb. By default, these virtual directories and the default Web site are configured to require SSL.
If you want to use SSL to help secure additional Outlook Web Access virtual directories or Web sites that you have created, you must do so manually. To configure a site to use SSL, you must obtain a certificate and configure the Web site or virtual directory to require SSL by using that certificate.
Identify the SSL certificate that you will use. For more information about how to obtain and manage SSL certificates, see Managing Client Access Security.
To perform the following procedures, the account you use must be delegated the following:
Exchange Server Administrator role and local Administrators group for the target server
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
In IIS Manager, select the Default Web site or the Web site where you are hosting your Outlook Web Access virtual directories, and then click Properties.
On the Directory Security tab, in Secure Communications, click Edit.
In Secure Communications, select Require Secure Channel (SSL).
Note: If you are using an SSL certificate that was created during Microsoft Exchange Setup, an error message will appear to notify you that the certificate is not a trusted certificate. Make sure that you trust the certification authority (CA) that issued the certificate or use an SSL certificate that is trusted by your CA.
Click OK to save your changes.
After you complete this procedure, all Outlook Web Access virtual directories on the Web site for which you have not explicitly disabled SSL will be configured to use SSL.
For more information about Outlook Web Access virtual directories, see Managing Outlook Web Access Virtual Directories in Exchange 2007.
For more information about the default SSL certificate, see How to Trust the Default SSL Certificate.