I conducted fairly extensive tests and don't want to create a hard-to-read narrative. So, for clarity, let's divide this up and use numbered items.
To enable SSL for OWA 2003 by using Windows 2003 Certificate Services, the following was tried.
1. Installed Certificate Services on the Exchange 2003 server.
2. Created a pending certificate request from the Default Web Site on the MSExch 2003 server.
3. Browsed to http://exchangeserver/certsrv to submit a certificate request.
4. Selected the "Request a Certificate" link
5. The first indication of trouble was that the certificate services interface failed to present the expected options for creating either a User Cert or submitting an Advanced Certificate Request and proceeded, immediately after the "Request a Certificate" link was clicked, to the "Advanced Certificate Request" page. This was unexpected behavior.
6. From the "Advanced Certificate Request" page the "Submit a certificate request by using a base 64 encoded CMC..." option was selected.
7. The Certificate Services interface produced an error message: "No Certificate Templates Could be Found..."
8. Researched this error and found a Microsoft-recommended fix: use ADSIEDIT.msc to verify that the dNSHostName attribute of Active Directory matches the sServerConfig value found within the Certdat.inc file.
9. Followed this advice but found zero discrepancies - the relevant values within Active Directory and the Certdat.inc file matched precisely.
At this point, I decided to try another route.
1. I installed Certificate Services on the domain controller (also running Windows Server 2003).
2. After installation was complete I browsed to http://domaincontroller/certsrv to submit a certificate request.
3. This time, the interface behaved as expected and produced zero errors.
4. Using the "Submit a certificate request by using a base 64 encoded CMC..." option, I pasted the contents of the certificate request generated by the Exchange server's default website request - certreq.txt - into the appropriate field and downloaded the certificate.
5. I then completed the pending certificate request on the Exchange server's IIS server by appending the downloaded certificate to the default website.
6. The "Require secure channel" option was selected to enforce SSL.
This seemed to go without incident but the following behavior occurred.
1. I browsed to https://exchangeserver/exchange and, as expected, was prompted to accept a certificate.
2. After the certificate was accepted, I received a "Page Not Found" error.
All very frustrating.
Before trying this on the production servers, I attempted it in a test environment. The test went forward without a hitch, inspiring confidence of success (all an illusion, as it turned out) but there is a (potentially) significant difference between the test and live situations.
The test box is both a domain controller and an Exchange server.
In the production environment the Certificate Services interface behaved as expected on the domain controller but malfunctioned on the Exchange server.
I'm wondering if there are unknown (to me) dependencies that are spoiling my efforts.
Any help or guidance would be appreciated and, of course, points will be awarded.