owa 2003 switching to ssl from http

Hi All:

I'm the admin for an Exchange 2003 SP2 Standard Edition environment
with about 150 users. We currently have a front end server that
accesses the back end Exchange server for users to access email
outside of the office via a browser. Only the front end server is
accessible outside of our domain.

I am preparing to switch this over from just the generic HTTP port 80
configuration that is the OWA default to using SSL on port 443 for
security reasons and also to allow for form based authentication
instead of the plain network login pop up that's the only choice
available without using SSL.

Of course, this requires that we obtain a certificate from a CA to
use.

It looks like there are basically 3 options here.

1) Obtain and pay for a certificate from a third party like Verisign.

2) Install Microsoft Certificate Services as an Enterprise Root CA

3) Install Microsoft Certificate Services as a Standalone Root CA

If I do #2 or #3, I am planning on installing the certificate services
on the front end server that is used for OWA. This box doesn't run
anything other than serving as the front end OWA.

The domain is a Windows 2000 domain with Active Directory. I want
users to be able to access the webmail with as little hassle as
possible but still with the SSL security and the form based
authentication.

Given this, which of the above 3 is best to use? In addition to
remotely accessing email via OWA, users may also access OWA internally
when in other areas of the office.

I did find that this article,
http://www.isaserver.org/img/upl/vpnkitbeta2/installstandaloneca.htm,
says:

We recommend that you install a stand-alone CA only when:

You do not have an Active Directory domain, and/or
You do not require automatic deployment of certificates to users and
computers

Both of these are untrue in my case. The certificate will only be
used for OWA and nothing else. Is the best choice here the Enterprise
Root CA?

Thanks!
Drew


