  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 738

HTTP and HTTPS OWA server

Hello

We are using Exchange 2003 SP2, front end and backend server. Front end is currently serving OWA over web, i.e. http://owa.companyA.co.uk

I would like to implement OWA over HTTPS; however, I don't want to disrupt the users too much until I am certain it is working. Is it possible to have two OWA servers running concurrently? For instance, http://owa.companyA.co.uk and https://owa2.companyA.co.uk? I'm assuming this would have to be on a different box?

Also, we have no mailboxes on the front end server, it is used purely for OWA. Is there any security benefit in removing (or perhaps not installing in the first place) the Information Store?

Thanks in advance...

0
Asked: Dilan77
2 Solutions
 
poweruser32 Commented:
No, you would need to put in another BE server, but you would still be going through the FE to access each BE; there is no other way.
You should not be trying to use HTTP anyway for OWA; this is insecure.
You cannot have mailboxes on a FE, full stop.
0
 
toibrahim Commented:
Well, since you have a working configuration with FE and BE Servers in HTTP mode, I think adding HTTPS should not be that painful.

Install the certificate on your FE Server. Do not check "Require SSL" under Secure communications on the Directory Security tab. This will allow HTTP as well as HTTPS. Once you feel satisfied with HTTPS for testing, just force it for everyone.

There are security risks exposing your BE Server (Mailbox) to the Internet.

IK
0
 
nitadmin Commented:
Have you already set up OWA?
Do you have an SSL cert from a public CA configured on your OWA website?
Do you have Service Pack 2 for Exchange 2003?

Here are articles from Daniel Petri's website, which tell you how to do this.
All you have to do is install Service Pack 2, install the SSL cert, and enable forms-based authentication.
You probably already have Service Pack 2 and the SSL cert from a public CA?
 

http://www.petri.co.il/configure_ssl_on_oma.htm

http://www.petri.co.il/configure_ssl_on_owa.htm

http://www.petri.co.il/configure_oma.htm

http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm

Cheers,
NITADMIN
0
 
Dilan77 (Author) Commented:
Hi

Yeah, we've already set up OWA and it's running fine using HTTP. I wanted to check if it was possible to run both HTTP and HTTPS at the same time, that way if a remote user was not able to connect via HTTPS (for whatever reason), they could always fall back on HTTP until we resolved the problem. Toibrahim has answered this part of the question.

We're running Exchange 2003 SP2, and I have tried running OWA over HTTPS using a third-party (RapidSSL) certificate over one weekend, which went without a hitch.

My second question was if there was any point in disabling the information store on the FE server for security reasons. I have heard of other people building FE servers for the specific use of OWA and not installing the Information Store. Since there are no mailboxes on that server, it's not needed and is one less (major) service that can be compromised. Has anyone seen this before?
0
 
Sembee Commented:
If the frontend server is for just OWA and not for inbound email, then you can remove the information store. That is a scenario discussed in the frontend/backend scenario.

As for your reasons for wanting to run with HTTP and HTTPS, I wouldn't accept that. I force all of my sites to use https, no exceptions. I don't even allow http traffic in to the network. If a site wouldn't allow connection to https then that would be very suspicious to me, as that means the user names and passwords would be going across in the clear.

Simon.
0
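Added example (not part of the thread, and not code from any of the posters): while HTTP and HTTPS are both enabled as toibrahim describes, the front-end server's IIS log shows which accounts still authenticate to OWA over plain HTTP, which is the cleartext-credential exposure Sembee points out. The sketch below parses an IIS W3C extended log; the sample lines, user names and addresses are constructed, and the OWA virtual directory names `/exchange`, `/exchweb` and `/public` are assumed to be the Exchange 2003 defaults.

```python
from collections import defaultdict

# Constructed sample of an IIS W3C extended log (all values are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem s-port cs-username c-ip sc-status
2007-03-05 09:01:12 GET /exchange/ 80 - 203.0.113.7 401
2007-03-05 09:01:13 GET /exchange/jsmith/ 80 COMPANYA\\jsmith 203.0.113.7 200
2007-03-05 09:02:40 GET /exchange/akhan/Inbox/ 443 COMPANYA\\akhan 198.51.100.23 200
2007-03-05 09:05:02 POST /exchange/jsmith/Drafts/ 80 COMPANYA\\jsmith 203.0.113.7 200
#Fields: date time cs-method cs-uri-stem cs-username s-port c-ip sc-status
2007-03-05 10:11:00 GET /exchange/mlee/ COMPANYA\\mlee 80 192.0.2.44 200
2007-03-05 10:12:30 GET /iisstart.htm - 80 192.0.2.44 200
"""

# Assumed default OWA virtual directories on Exchange 2003.
OWA_PREFIXES = ("/exchange", "/exchweb", "/public")


def cleartext_owa_users(log_text, http_port="80"):
    """Return {username: sorted client IPs} for authenticated OWA hits on plain HTTP."""
    fields, hits = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed row
        row = dict(zip(fields, values))
        user = row.get("cs-username", "-")
        stem = row.get("cs-uri-stem", "").lower()
        # "-" means anonymous; only authenticated requests carried credentials.
        if row.get("s-port") == http_port and user != "-" and stem.startswith(OWA_PREFIXES):
            hits[user.lower()].add(row.get("c-ip", "?"))
    return {user: sorted(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    for user, ips in sorted(cleartext_owa_users(SAMPLE_LOG).items()):
        print(f"{user} still uses HTTP from {', '.join(ips)}")
```

An empty result over a representative period means no authenticated OWA session is still using port 80, so "Require SSL" can be ticked without cutting anyone off.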
 
Dilan77 (Author) Commented:
Points taken on board....thanks everyone...
0
Question has a verified solution.