Solved

HTTP and HTTPS OWA server

Posted on 2006-11-21
Last Modified: 2010-03-06
Hello

We are using Exchange 2003 SP2, front end and backend server. Front end is currently serving OWA over web, i.e. http://owa.companyA.co.uk

I would like to implement OWA over HTTPS, however don't want to disrupt the users too much until I am certain it is working. Is it possible to have two OWA servers running concurrently? For instance, http://owa.companyA.co.uk and https://owa2.companyA.co.uk? I'm assuming this would have to be on a different box?

Also, we have no mailboxes on the front end server, it is used purely for OWA. Is there any security benefit in removing (or perhaps not installing in the first place) the Information Store?

Thanks in advance...

0
Question by:Dilan77
6 Comments
 
LVL 16

Expert Comment

by:poweruser32
ID: 17990458
No, you would need to put in another BE server, but you would still be going through the FE to access each BE; there is no other way.
You should not be trying to use HTTP for OWA anyway; this is insecure.
You cannot have mailboxes on an FE, full stop.
0
 
LVL 4

Accepted Solution

by:
toibrahim earned 150 total points
ID: 17990956
Well, since you have a working configuration with FE and BE Servers in HTTP mode, I think adding HTTPS should not be that painful.

Install the Certificate on your FE Server. Do not check the "Require SSL" under Secure communications under the Directory Security Tab. This will allow HTTP as well as HTTPS. Once you feel satisfied with HTTPS for testing just force it for everyone.

There are security risks exposing your BE Server (Mailbox) to the Internet.

IK
0
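An added illustration, not part of the original thread: during the period when both HTTP and HTTPS are allowed, the front end's IIS logs show which authenticated users still reach OWA on port 80, which is worth knowing before "Require SSL" is ticked. The log lines are constructed, and the field order and the default OWA virtual directories (/exchange, /exchweb, /public) are assumptions about the site's W3C logging setup.

```python
from collections import Counter

# Constructed IIS W3C extended log excerpt (sample data, not from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2006-11-21 09:00:01 10.0.0.5 GET /exchange/alice/Inbox - 80 COMPANYA\\alice 203.0.113.10 Mozilla/4.0 200
2006-11-21 09:00:07 10.0.0.5 GET /exchange/bob/Inbox - 443 COMPANYA\\bob 203.0.113.11 Mozilla/4.0 200
2006-11-21 09:01:12 10.0.0.5 GET /exchange/ - 80 - 203.0.113.12 Mozilla/4.0 401
2006-11-21 09:02:30 10.0.0.5 GET /exchweb/img/logo.gif - 80 COMPANYA\\alice 203.0.113.10 Mozilla/4.0 200
2006-11-21 09:03:44 10.0.0.5 POST /exchange/carol/Drafts - 80 COMPANYA\\carol 203.0.113.13 Mozilla/4.0 302
"""

# Assumed default OWA virtual directories on an Exchange 2003 front end.
OWA_PREFIXES = ("/exchange", "/exchweb", "/public")


def cleartext_owa_users(log_text, http_port="80"):
    """Count authenticated OWA requests per user that arrived on the plain-HTTP port."""
    fields, hits = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column order is declared in the log and can change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # skip truncated or malformed rows
        row = dict(zip(fields, values))
        user = row.get("cs-username", "-")
        stem = row.get("cs-uri-stem", "").lower()
        # A non "-" username on the HTTP port means credentials crossed unencrypted.
        if (row.get("s-port") == http_port and user != "-"
                and stem.startswith(OWA_PREFIXES)):
            hits[user.lower()] += 1
    return hits


if __name__ == "__main__":
    for user, count in cleartext_owa_users(SAMPLE_LOG).most_common():
        print(f"{user}: {count} authenticated OWA request(s) over HTTP")
```

An empty result over a representative period indicates that no authenticated OWA sessions are still arriving over HTTP.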
 
LVL 8

Expert Comment

by:nitadmin
ID: 17993554
Have you already set up OWA?
Do you have an SSL cert from a public CA configured on your OWA website?
Do you have Service Pack 2 for Exchange 2003?
 
Here are articles from Daniel Petri's website which tell you how to do this.
All you have to do is install Service Pack 2. Install the SSL cert. Enable forms-based authentication.
You probably already have Service Pack 2 and the SSL cert from a public CA?
 

http://www.petri.co.il/configure_ssl_on_oma.htm

http://www.petri.co.il/configure_ssl_on_owa.htm

http://www.petri.co.il/configure_oma.htm

http://www.petri.co.il/configuring_forms_based_authentication_in_exchange_2003.htm

Cheers,
NITADMIN
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17994129
Hi

Yeah, we've already set up OWA and it's running fine using HTTP. I wanted to check if it was possible to run both HTTP and HTTPS at the same time, that way if a remote user was not able to connect via HTTPS (for whatever reason), they could always fall back on HTTP until we resolved the problem. Toibrahim has answered this part of the question.

We're running Exchange 2003 SP2, and I have tried running OWA over HTTPS using a third party (RapidSSL) certificate over one weekend, which went without a hitch.

My second question was if there was any point in disabling the information store on the FE server for security reasons. I have heard of other people building FE servers for the specific use of OWA and not installing the Information Store. Since there are no mailboxes on that server, it's not needed and is one less (major) service that can be compromised. Has anyone seen this before?
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 100 total points
ID: 17995624
If the frontend server is for just OWA and not for inbound email, then you can remove the information store. That is a scenario discussed in the frontend/backend scenario.

As for your reasons for wanting to run with HTTP and HTTPS, I wouldn't accept that. I force all of my sites to use https, no exceptions. I don't even allow http traffic in to the network. If a site wouldn't allow connection to https then that would be very suspicious to me, as that means the user names and passwords would be going across in the clear.

Simon.
0
 
LVL 2

Author Comment

by:Dilan77
ID: 17998823
Points taken on board....thanks everyone...
0
