Configure SSL for Exchange ActiveSync

Applies to: Exchange Server 2010

Topic Last Modified: 2011-03-19

You can configure Microsoft Exchange ActiveSync virtual directories to use Secure Sockets Layer (SSL). By default, when you install the Client Access server role on a computer that's running Microsoft Exchange Server 2010, an Exchange ActiveSync virtual directory is created on the default Internet Information Services (IIS) Web site on the Exchange server.

After you obtain an SSL certificate to use with the Client Access server on the default Web site or on the Web site where you host your Exchange ActiveSync virtual directory, you can configure the Web site to require SSL. You can enable SSL for all Web sites hosted by the Client Access server or enable SSL only for Exchange ActiveSync.

Configuring an Exchange ActiveSync virtual directory to use SSL is just one step in managing security for Exchange ActiveSync. For more information about how to manage security for Exchange ActiveSync, see Managing Exchange ActiveSync Security.

Looking for other management tasks related to Exchange ActiveSync? Check out Managing Exchange ActiveSync.

You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync server settings" entry in the Client Access Permissions topic.

  1. In IIS Manager, select the Default Web site or the Microsoft-Server-ActiveSync virtual directory, and then click Properties.
    If you want to configure SSL only for Exchange ActiveSync, select the Microsoft-Server-ActiveSync virtual directory under the Default Web site. Otherwise you'll configure SSL for all virtual directories hosted on the Client Access server.
  2. On the Directory Security tab, in Secure Communications, click Edit.
  3. In Secure Communications, select Require Secure Channel (SSL).
  4. After you complete this procedure, your Exchange ActiveSync virtual directory on the Web site will be configured to use SSL.