Configure SSL for Exchange ActiveSync
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-08-22
You can configure Microsoft Exchange ActiveSync virtual directories to use Secure Sockets Layer (SSL). By default, when you install the Client Access server role on a computer that's running Microsoft Exchange Server 2010, an Exchange ActiveSync virtual directory is created on the default Internet Information Services (IIS) Web site on the Exchange server.
After you obtain an SSL certificate to use with the Client Access server on the default Web site or on the Web site where you host your Exchange ActiveSync virtual directory, you can configure the Web site to require SSL. You can enable SSL for all Web sites hosted by the Client Access server or enable SSL only for Exchange ActiveSync.
Configuring an Exchange ActiveSync virtual directory to use SSL is just one step in managing security for Exchange ActiveSync. For more information about how to manage security for Exchange ActiveSync, see Managing Exchange ActiveSync Security.
Looking for other management tasks related to Exchange ActiveSync? Check out Managing Exchange ActiveSync.
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "Exchange ActiveSync server settings" entry in the Client Access Permissions topic.
If you are using IIS 7.0 or a later version, follow these steps:
In IIS Manager, select Default Web site or the Web site on which you are hosting your Microsoft-Server-ActiveSync virtual directory.
In the Web site Home pane, in the IIS area, double-click SSL Settings.
In SSL Settings, select the Require SSL check box. Require 128-bit SSL is optional. But if it is selected, this option provides greater security.
Note: If you are using an SSL certificate that was created during Exchange Setup, an error message notifies you that the certificate is not a trusted certificate. Make sure that you trust the certification authority (CA) that issued the certificate or use an SSL certificate that is trusted by your CA.
Under Client Certificates, select Ignore.
In the action pane, click Apply to save your changes.
If you are using a version of IIS earlier than IIS 7, follow these steps:
In IIS Manager, select the Default Web site or the Microsoft-Server-ActiveSync virtual directory, and then click Properties.
Note: If you want to configure SSL only for Exchange ActiveSync, select the Microsoft-Server-ActiveSync virtual directory under the Default Web site. Otherwise, you'll configure SSL for all virtual directories hosted on the Client Access server.
On the Directory Security tab, in Secure Communications, click Edit.
In Secure Communications, select Require Secure Channel (SSL).
After you complete this procedure, your Exchange ActiveSync virtual directory on the Web site will be configured to use SSL. For more information about Exchange ActiveSync, see Managing Exchange ActiveSync Security.