HOME | FAQ | CONTACT

Installing an SSL certificate on Outlook Web Access (OWA) 2000

Part one: Download and save your certificates

  1. Open the email we sent you, that contains the certificate for your domain name.

  2. Copy the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.

  3. Paste the certificate into a blank document in a text editor. Use an editor that will not add characters, such as TextPad.

  4. Save the document. We recommend that you name it YourDomainName.crt and save it in your Web server's default directory for SSL certificates.

    We recommend that you also back up your certificate on another computer or storage device.

  5. Confirm which certificate you purchased, and determine which set of Root and Intermediate certificates to download.

    To confirm which certificate you purchased, review your order confirmation.

    • If you purchased SBS Instant, download set A below.

    • If you purchased SBS Secure or Secure Plus, download set B below.

    A -- SBS Instant

    -OR-

    B -- SBS Secure and Secure Plus

  6. Download the Root-Intermediate set for your domain name certificate. To download, right-click each certificate file name and select Save Target As.

    Save the Root and Intermediate certificates to the same directory where you saved the certificate for your domain name.

Part two: Install the certificate for your domain name

  1. From your Administrative Tools, open Internet Services Manager.
  2. Click Properties for the Web Site that is hosting OWA (normally the Default Web Site).
  3. Click the Directory Security tab and then click Server Certificates.

  4. In the Pending Certificate Request dialog box, select Process the pending request and install the certificate, and then click Next.

    IIS Certificate Wizard - Pending Certificate Request

  5. In the Process a Pending Request dialog box, navigate to and select the certificate for your domain name. Click Next.

    IIS Certificate Wizard - Process Pending

  6. In the Certificate Summary box, click Next.

Part three: Install the Root and Intermediate certificates

  1. In your Windows taskbar, click the Start button then select Run, type mmc, and click OK.
  2. Click File and select Add/Remove Snap in.
  3. In the Add Standalone Snap-in dialog box, click Add, select Certificates, and then click Add.
  4. Select Computer Account and click Next. (This step is important: You must select Computer Account, not the current user account.)
  5. Select Local computer and click Finish.
  6. In the Add Standalone Snap-in box, click Close.
  7. In the Add/Remove Snap-in box, click OK.
  8. Return to the MMC.

  9. To install the Root certificate, right-click Trusted Root Certification Authorities, select All Tasks, select Import.

    IIS SSL server certificate - GTECyber TrustRoot

  10. Click Next.

    IIS SSL server certificate - certificate import wizard

  11. Locate your Root certificate and click Next.

    IIS SSL server certificate - file for import

  12. Select Place all the certificates in the following store and click Next.
  13. When the wizard is completed, click Finish.

  14. To install your Intermediate certificates, right-click Intermediate Certification Authorities, select All Tasks, select Import.

    IIS SSL server certificate - console

  15. If you purchased SBS Instant, install *Intermediate1CA.crt and then *Intermediate2CA.crt. If you purchased SBS Secure or Secure Plus, install *Intermediate*.crt. All the Intermediate files must be installed.
  16. Confirm that the Root certificate appears under Trusted Root Certification Authorities.
  17. Confirm that the Intermediate certificate(s) appear under Intermediate Certification Authorities.
  18. Restart the server.

Part four: Enable SSL for OWA

  1. Using the Internet Services Manager, open the properties for the Exchange virtual directory.

    Internet Services Management

  2. Select the Directory Security tab.
  3. In the Secure Communication section, click Edit.

  4. In the Secure Communications dialog box, check Require Secure Channel (SSL) and, if you wish, Require 128-bit encryption. If you check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA.

    Server communications

  5. Ensure that your Firewall is configured to allow HTTPS (port 443 by default) to pass through.

When users enter http://ahost.adomain.com/exchange, they will receive an "HTTP 403.4 - Forbidden: SSL required Internet Information Services" error message, because OWA is configured to require SSL. SSL uses the HTTPS protocol, so users must enter the url as https://ahost.adomain.com/exchange. Please see the Microsoft article about requiring the use of SSL with OWA: http://support.microsoft.com/default.aspx?scid=kb;en-us;234022




Copyright © 2008 Secure Business Services, All rights reserved. Terms of Service | Privacy Policy