OWA SSL

I need to set up OWA on Server 2003 using Exchange 2003 using SSL - I don't remember this being so hard, but I can't seem to do it on this platform. Is there a "start here" rule of thumb for doing this? My goal is for the web users to access web mail using https://mail.domain.com - thanks
Asked by: etonnemacher

rthree commented:
Where are you getting stuck? Does non-SSL webmail work if you go to http://mail.domain.com?

Are you trying to access this from the internal network for testing? Or are you trying to access it externally over the network?

The first thing I would do would be to test it internally and work on being able to access it via IP to eliminate DNS issues.
https://exchangerserveripaddress/exchange

Does that work?
antioed commented:
Without knowing how you are approaching SSL certificates (your own cert authority or 3rd party) I found a few links which cover the topic:

Set up OWA using SSL certs from your own cert authority:  http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
Using a free cert from a 3rd party:  http://www.msexchange.org/tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-Certificate.html

...this should at least get you going in the right direction!

hstiles commented:
The following will enable you to set up OWA over SSL for free.

Assuming the URL for your OWA server is called webmail.123.co.uk and that the default website is set up for OWA:

Download the IIS Resource Kit. You can generate a secure certificate using selfssl.
Open a command prompt and go to the install location for selfssl, usually c:\program files\IIS Resources\selfssl

selfssl  /T /N:cn=webmail.123.co.uk /V:365

This creates a certificate for webmail.123.co.uk, sets the lifetime to 365 days, adds it to the trusted certificate store and installs it in the default website.

Next, go to your OWA server and create a new file under c:\inetpub\wwwroot (assuming you are using default location) called index.htm

Add the following code

<html>
<head>
<title>123.co.uk Webmail Service</title>
<meta http-equiv="refresh" content="2; URL=https://webmail.123.co.uk/exchange">
<meta name="keywords" content="automatic redirection">
</head>
<body>
Your browser should automatically redirect you in 2 seconds.  If not click <a href="https://webmail.123.co.uk/exchange">here</a>
</body>
</html>

Change the default document for your default website to index.htm

Open the properties of the Exchange folder under your default website, go to directory security and make sure SSL is required and set to 128-bit

Now, users navigating to your OWA server will automatically be directed to the secure page.

If you want to make it even better, enable forms-based authentication. Go to Exchange System Manager, expand your administrative group, expand your Front End Server, expand protocols, expand HTTP and bring up properties of Default HTTP Virtual Server. Under settings, tick enable forms based authentication.

To make it better still, you can modify the logon page to automatically provide your domain name. Find the following section in the logon.asp file under program files\exchsrvr\exchweb\bin\auth\usa\logon.asp and replace XXXXX with your domain name

return true;
}
// The backslash must be escaped ("\\"); a single "\" would escape the closing quote
logonForm.username.value = "XXXXX\\" + logonForm.username.value;
  return false;
}
//-->
</script>
<FORM action="/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off" onsubmit="logonForm_onsubmit()">
      <% Else %>
      <BODY scroll="AUTO" bgColor="#FFFFFF" text="#000000" onload="setFocus()">
            <script Language=javascript>
  <!--
function logonForm_onsubmit()
{
// Leave UPN-style names (user@domain) untouched
if (logonForm.username.value.indexOf("@") !=-1)
{
return true;
}
logonForm.username.value = "XXXXX\\" + logonForm.username.value;
  return false;
}
//-->
</script>

The above should make for a slick OWA setup.

WARNING: users will get a certificate warning when they hit the OWA logon page because your certificate is not from a trusted authority. You still get the encryption benefits, however.
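A check that ties the certificate name passed to selfssl to the URLs in the redirect page, as an added example that is not part of the post above: every target should be HTTPS and use the host the certificate was issued for, otherwise users see a name-mismatch warning in addition to the untrusted-issuer one. The function names and the sample page (including the placeholder host webmail.example.org) are constructed for illustration.

```javascript
// Added example; all function and constant names here are hypothetical.
const SAMPLE_SELFSSL = 'selfssl /T /N:cn=webmail.123.co.uk /V:365';

// Constructed index.htm: one fallback link uses a different host
// (webmail.example.org is a placeholder), another uses plain HTTP.
const SAMPLE_INDEX = `<html><head>
<meta http-equiv="refresh" content="2; URL=https://webmail.123.co.uk/exchange">
</head><body>
If not click <a href="https://webmail.example.org/exchange">here</a>
or use the <a href="http://webmail.123.co.uk/exchange">plain link</a>
</body></html>`;

// Pull the common name out of the /N:cn=... switch of a selfssl command line.
function certNameFromSelfssl(cmd) {
  const m = /\/N:cn=([^\s;,]+)/i.exec(cmd);
  return m ? m[1].toLowerCase() : null;
}

// Collect every URL the page can send a browser to: meta refresh, then links.
function redirectTargets(html) {
  const urls = [];
  const meta = /<meta[^>]+http-equiv=["']?refresh["']?[^>]*content=["'][^"']*?url=([^"'>\s]+)/gi;
  const link = /<a[^>]+href=["']([^"']+)["']/gi;
  for (const re of [meta, link]) {
    let m;
    while ((m = re.exec(html)) !== null) urls.push(m[1]);
  }
  return urls;
}

// Return a list of findings; an empty list means the page is consistent.
function checkRedirectPage(html, selfsslCmd) {
  const cn = certNameFromSelfssl(selfsslCmd);
  const findings = [];
  if (!cn) findings.push('no /N:cn= value found');
  for (const raw of redirectTargets(html)) {
    let u;
    try { u = new URL(raw); } catch { findings.push(`not an absolute URL: ${raw}`); continue; }
    if (u.protocol !== 'https:') findings.push(`not HTTPS: ${raw}`);
    if (cn && u.hostname.toLowerCase() !== cn) {
      findings.push(`host differs from certificate name ${cn}: ${raw}`);
    }
  }
  return findings;
}

console.log(checkRedirectPage(SAMPLE_INDEX, SAMPLE_SELFSSL));
```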
etonnemacher (author) commented:
Hi Guys - sorry it took so long for me to get back with you - long story short, I've been tasked with securing a network that is pretty wide open - The SSL was my first step and successful thanks to your comments - Hstiles, I tried yours and screwed it up! Sorry, but it did give me some good pointers! The biggest problem was that they were approaching IIS as a website provider and not a stand-alone company. I moved everything under the "default" website and locked it down

Thanks for all your help!