October 16, 2000 12:00 AM

SSL's Benefits on OWA

Windows IT Pro
InstantDoc ID #15772

If you haven't yet implemented Outlook Web Access (OWA) with Secure Sockets Layer (SSL), you should. OWA sessions aren't encrypted by default, so the communication between the Exchange server and the end-user browser travels in clear text. Adding SSL to your OWA sessions ensures end-to-end encryption for the duration of the session. Most important, enabling SSL also lets users change their Windows NT passwords through the OWA client. Without SSL, users can't change passwords through OWA.

Microsoft's Knowledge Base provides step-by-step information about how to apply SSL security on OWA. In particular, see "XCLN: Configuring Exchange OWA to Use SSL" (http://support.microsoft.com/support/kb/articles/q234/0/22.asp). You need to use a certificate either from a commercial Certificate Authority (CA) such as VeriSign or from Microsoft Certificate Server. The Microsoft article "How to Configure Certificate Server for Use with SSL on IIS" (http://support.microsoft.com/support/kb/articles/q218/4/45.asp) describes how to use a certificate.

Certificate Server is more appropriate for implementations of OWA that are intranet based so that a local authority can satisfy security requirements. If you want to deploy OWA for both intranets and extranets, a commercial certificate is better. When you acquire a certificate from VeriSign, VeriSign verifies your company credentials as part of the process. That way, a disinterested third party vouches for your credentials and confirms that you are who you say you are. Using a commercial certificate instead of Certificate Server is akin to having a legal document notarized. Both Certificate Server and a commercial certificate encrypt the session end to end.
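A defender's check for the clear-text exposure described above, as an added example (not code from the article or from Microsoft): it classifies how a server answers a plain-HTTP request for the OWA path, so you can confirm that SSL is actually enforced after the change. The `/exchange/` path, the verdict labels, the host name and the sample replies are assumptions constructed for illustration.

```python
import http.client

def classify_plain_http(status, headers):
    """Classify the reply to a plain-HTTP (port 80) request for the OWA path."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 307, 308):
        # Only a redirect to an https:// URL moves the session onto SSL.
        if h.get("location", "").lower().startswith("https://"):
            return "redirects-to-https"
        return "unknown"
    if status == 403:
        # IIS answers 403 (sub-status 403.4) when "Require secure channel" is set.
        return "refused-over-http"
    if status == 401:
        # A Basic challenge over HTTP means the password would cross the wire
        # base64-encoded but unencrypted.
        if "basic" in h.get("www-authenticate", "").lower():
            return "cleartext-password"
        return "cleartext-session"
    if 200 <= status < 300:
        return "cleartext-session"
    return "unknown"

def probe(host, path="/exchange/", timeout=5):
    """Send one GET over plain HTTP and classify the answer (needs network)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        merged = {}
        for name, value in resp.getheaders():  # join repeated headers
            key = name.lower()
            merged[key] = f"{merged[key]}, {value}" if key in merged else value
        return classify_plain_http(resp.status, merged)
    finally:
        conn.close()

# Constructed sample replies (not captured from a real server).
SAMPLES = {
    "no SSL, Basic auth": (401, {"WWW-Authenticate": 'Basic realm="mail"'}),
    "no SSL, NTLM auth": (401, {"WWW-Authenticate": "NTLM"}),
    "SSL required": (403, {"Content-Type": "text/html"}),
    "redirect to SSL": (302, {"Location": "https://mail.example.com/exchange/"}),
}

def audit_samples():
    return {name: classify_plain_http(s, h) for name, (s, h) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name}: {verdict}")
```

Run `probe()` only against servers you administer; any verdict beginning with `cleartext` means the OWA path still answers without SSL.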


Comments
  • Anonymous User
    7 years ago
    May 13, 2005

    I made this change, so disabling the require SSL, but it doesn't help...
    Still the same problem, I even restarted the system attendant after restarting IIS

  • ElPadrino
    8 years ago
    Jun 01, 2004

    You do not need to go through all that trouble to manage Public Folders after implementing SSL. Simply right-click the Exadmin Virtual Directory. Select the Directory Security tab, choose Edit from the Secure Communications section and clear the "Require Secure Channel (SSL)" dialog box. Restart IIS and you can manage your Public Folders with ESM and have OWA 128-bit SSL Encrypted.

    Enjoy....

  • Friendly Passerby
    9 years ago
    Nov 05, 2003

    Bryan - the answer to your question is hard to find, in fact I couldn't locate the QB article to back up my comments but I assure you it's there somewhere. Anywho, the problem lies within the fact that to administer public folders the Exchange System Manager uses the Exadmin virtual web WHICH is required to be running on port 80. When you require an SSL connection to the default website, this changes the port to 443, not allowing the System Manager to connect. The only way to work around this is to go with a frontend/backend setup with your Exchange servers, assuming you can afford to do so, or what I do, is to pop in late at night - remove the certificate, make the needed public folder changes, and then rebind the certificate. Ugly but it works in a small environment.

    jason - holy cow YES it makes a difference! Remember that your email username and password are also your network username/password. If someone with (easy to obtain) sniffing tools were to snatch the username/password combo they would effectively have as much access on your network as the user does...bad news

    HTH

  • Bryan Lanne
    10 years ago
    May 07, 2002

    I added an SSL certificate for OWA, which works great. Now I cannot administer public folders; the error is "the certificate name does not match the server". I can't seem to find any resources on implications of SSL and OWA with Exch 2k administration.

  • jason ledger
    11 years ago
    Jan 16, 2001

    What risks am I taking by using OWA with plain text? Are these risks purely theoretical?
