Securing Your Outlook Web Access 2000 Implementation Using SSL
- Open Internet Services Manager from your Administrative Tools.
- Open the Properties for the Web Site that is hosting OWA (normally the Default Web Site).
- Select the "Directory Security" tab, then click on the "Server Certificates" button.
- You will be presented with the "Pending Certificate Request" dialog box (below), select "Process the pending request and install the certificate", click Next.
- The "Process a Pending Request" dialog box will appear (below) navigate to the site certificate that you received. click Next.
- You will be presented with the "Certificate Summary" (below), click Next.
- Next, you will need to install the intermediate certificate, please follow the instructions:
Now that you have now installed the SSL certificate on your web site, the next step is to enable SSL for OWA - this is a simple task.
- Using the Internet Services Manager, open the properties for the "Exchange" virtual directory.
- Select the "Directory Security" tab, and then click on the "Edit" button in the Secure Communication section.
- In the "Secure Communications" dialogue box (below), check the box "Require Secure Channel (SSL)". You could also check the box "Require 128-bit encryption," if you check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA.
When users enter http://ahost.adomain.com/exchange, they will receive an "HTTP 403.4 - Forbidden: SSL required Internet Information Services" error message, because OWA is configured to require SSL. SSL uses the HTTPS protocol, so users would need to enter the url as https://ahost.adomain.com/exchange.
Please see the Microsoft article regarding forcing the use of SSL with OWA:
One final step that you may need to take is to ensure that your Firewall is configured.
Free SSL Certificate