  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 923

OWA SSL

I need to set up OWA on Server 2003 using Exchange 2003 using SSL. I don't remember this being so hard, but I can't seem to do it on this platform. Is there a "start here" rule of thumb for doing this? My goal is for the web users to access web mail using https://mail.domain.com. Thanks.
0
Asked by: etonnemacher
3 Solutions
 
rthree Commented:
Where are you getting stuck? Does non-SSL webmail work if you go to http://mail.domain.com?

Are you trying to access this from the internal network for testing? Or are you trying to access it externally over the network?

The first thing I would do would be to test it internally and work on being able to access it via IP to eliminate DNS issues.
https://exchangerserveripaddress/exchange

Does that work?
0
 
antioed Commented:
Without knowing how you are approaching SSL certificates (your own cert authority or 3rd party) I found a few links which cover the topic:

Set up OWA using SSL certs from your own cert authority:  http://www.msexchange.org/tutorials/SSL_Enabling_OWA_2003.html
Using a free cert from a 3rd party:  http://www.msexchange.org/tutorials/SSL-Enabling-OWA-2003-Using-Free-3rdParty-Certificate.html

...this should at least get you going in the right direction!

0
 
hstiles Commented:
The following will enable you to set up OWA over SSL for free.

Assuming the URL for your OWA server is called webmail.123.co.uk and that the default website is set up for OWA

Download the IIS Resource Kit.  You can generate a secure certificate using selfssl.
Open a command prompt and go to the install location for selfssl, usually c:\program files\IIS Resources\selfssl

selfssl /T /N:cn=webmail.123.co.uk /V:365

This creates a certificate for webmail.123.co.uk, sets the lifetime to 365 days, adds it to the trusted certificate store and installs it in the default website.

Next, go to your OWA server and create a new file under c:\inetpub\wwwroot (assuming you are using default location) called index.htm

Add the following code

<html>
<head>
<title>123.co.uk Webmail Service</title>
<meta http-equiv="refresh" content="2; URL=https://webmail.123.co.uk/exchange">
<meta name="keywords" content="automatic redirection">
</head>
<body>
Your browser should automatically redirect you in 2 seconds.  If not click <a href="https://webmail.123.co.uk/exchange">here</a>
</body>
</html>

Change the default document for your default website to index.htm

Open the properties of the Exchange folder under your default website, go to directory security and make sure SSL is required and set to 128-bit

Now, users navigating to your OWA server will automatically be directed to the secure page.

If you want to make it even better, enable forms-based authentication.  Go to Exchange System Manager, expand your administrative group, expand your Front End Server, expand protocols, expand HTTP and bring up properties of Default HTTP Virtual Server.  Under settings, tick enable forms based authentication.

To make it better still, you can modify the logon page to automatically provide your domain name.  Find the following section in the logon.asp file under program files\exchsrvr\exchweb\bin\auth\usa\logon.asp and replace XXXXX with your domain name

return true;
}
logonForm.username.value = "XXXXX\\" + logonForm.username.value;
return false;
}
//-->
</script>
<FORM action="/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm" autocomplete="off" onsubmit="logonForm_onsubmit()">
<% Else %>
<BODY scroll="AUTO" bgColor="#FFFFFF" text="#000000" onload="setFocus()">
<script Language=javascript>
<!--
function logonForm_onsubmit()
{
  // Leave UPN-style logons (user@domain) untouched
  if (logonForm.username.value.indexOf("@") != -1)
  {
    return true;
  }
  // Otherwise prepend the domain; the backslash must be escaped inside a JavaScript string
  logonForm.username.value = "XXXXX\\" + logonForm.username.value;
  return false;
}
//-->
</script>

The above should make for a slick OWA setup.

WARNING: users will get a certificate warning when they hit the OWA logon page because your certificate is not from a trusted authority.  You still get the encryption benefits however.
0
 
etonnemacher (Author) Commented:
Hi Guys - sorry it took so long for me to get back with you - long story short, I've been tasked with securing a network that is pretty wide open - The SSL was my first step and successful thanks to your comments - Hstiles, I tried yours and screwed it up! Sorry but it did give me some good pointers! The biggest problem was that they were approaching IIS as a website provider and not a stand alone company. I moved everything under the "default" website and locked it down

Thanks for all your help!
0
