Microsoft KB Archive/327544

From BetaArchive Wiki

Article ID: 327544

Article Last Modified on 10/30/2006



APPLIES TO

  • Microsoft Small Business Server 2000 Standard Edition



This article was previously published under Q327544

SUMMARY

This step-by-step article describes how to configure Secure Sockets Layer (SSL) connections to Outlook Web Access (OWA) on a Microsoft Small Business Server 2000-based server. It describes how to install Certificate Services and how to assign a certificate to the Web site that is hosting OWA. Additionally, it describes how to configure Microsoft Internet Security and Acceleration (ISA) Server 2000 to publish OWA by using the SSL protocol.


Install Certificate Services

You do not have to install Certificate Services if you already own a certificate from an Internet security provider. However, be aware that the certificate name must match the fully qualified domain name (FQDN) of the server that is running Small Business Server 2000. For example, if the server has a registered FQDN of mail.example.com, the certificate name must be mail.example.com. Otherwise, users will receive a warning message that states that the certificate does not match the name of the site.

To install Certificate Services, follow these steps:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Add/Remove Programs.
  3. Click Add/Remove Windows Components.
  4. Click to select the Certificate Services check box.

    You may receive the following warning message:

    After installing Certificate Services, the computer cannot be renamed and the computer cannot join or be removed from a domain. Do you want to continue?

    Click Yes, and then click Next.
  5. Specify the mode to use for Terminal Services, and then click Next.

    Note Microsoft recommends that you leave Terminal Services in Remote Administration mode on a server that is running Small Business Server 2000.
  6. Select the type of certification authority (CA) that the server will be. Unless there is another CA in the domain, click Enterprise Root CA.
  7. Enter the CA Identification information, and then click Next.
  8. Select a location for the certificate database and log files, and then click Next.

    You receive the following warning message:

    Internet Information Services is running on this server. You must stop this service before proceeding. Do you want to stop the service now?

    Click OK.
  9. Click Finish.


Assign the certificate to the Web site that is hosting OWA

Use one of the following procedures, depending on whether you already own a certificate from an Internet security provider.

If you do not already own a certificate from an Internet security provider

If you do not already own a certificate from an Internet security provider, assign a new certificate to the Web site that is hosting OWA. To do this:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Expand the server object, right-click Default Web Site, and then click Properties.

    If a Web site other than Default Web Site is hosting OWA, open the properties for that Web site instead of the properties for Default Web Site.
  3. Click the Directory Security tab, and then click Server Certificate.
  4. On the first page of the Web Server Certificate wizard, click Next.
  5. Click Create a new certificate, and then click Next.
  6. Click Send the request immediately to an online certification authority, and then click Next.
  7. Accept the default name for the new certificate, and then click Next.
  8. Type the name of your organization and the name of your organizational unit, and then click Next.

    Typically, the organization name is the name of your organization, and the organizational unit name is the name of your division or department.
  9. In the Common name box, type the registered FQDN of the server that is running Small Business Server 2000, and then click Next.
  10. Type the geographical information for the certificate, and then click Next.
  11. Click the CA to process the request, and then click Next.

    By default, the CA that you created in the "Install Certificate Services" section is selected.
  12. Review the Certificate Request Submission text, and then click Next.
  13. Click Finish.
  14. Click View Certificate to view the properties of the certificate.
  15. Click OK to close the properties of the certificate.
  16. Click OK, and then close Internet Information Services (IIS).

If you already own a certificate from an Internet security provider

If you already own a certificate from an Internet security provider, assign an existing certificate to the Web site that is hosting OWA. To do this:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Services Manager.
  2. Expand the server object, right-click Default Web Site, and then click Properties.

    If a Web site other than Default Web Site is hosting OWA, open the properties for that Web site instead of the properties for Default Web Site.
  3. Click the Directory Security tab, and then click Server Certificate.
  4. On the first page of the Web Server Certificate wizard, click Next.
  5. Click Assign an existing certificate, and then click Next.
  6. Click to select the certificate, and then click Next.
  7. Review the Certificate Summary text, and then click Next.
  8. Click Finish.
  9. Click View Certificate to view the properties of the certificate.
  10. Click OK to close the properties of the certificate.
  11. Click OK, and then close Internet Information Services (IIS).

After you complete these steps, users must use the https:// prefix (for example, https://mail.example.com/exchange) to connect to OWA by using SSL.
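The name requirement described in the "Install Certificate Services" section can be checked before users see the mismatch warning. The following is an added example, not part of the original article: it compares the names in a certificate with the FQDN that clients type. The function names, the sample certificates and the host name SBSSERVER are constructed for illustration; subjectAltName DNS entries take precedence over the common name, as in RFC 2818.

```python
import socket
import ssl

# Constructed samples in ssl.getpeercert() format (not real certificates).
CN_ONLY = {"subject": ((("commonName", "mail.example.com"),),)}
NETBIOS = {"subject": ((("commonName", "SBSSERVER"),),)}  # hypothetical short name
WITH_SAN = {"subject": ((("commonName", "mail.example.com"),),),
            "subjectAltName": (("DNS", "owa.example.com"),)}


def fetch_cert(host, port=443, cafile=None):
    """Return the certificate a live server presents, as a dict.

    cafile: PEM file with the root certificate of the issuing CA; required
    when the certificate comes from a private Enterprise Root CA.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is compared explicitly in check_name()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _name_match(pattern, host):
    """Case-insensitive comparison; a leading '*.' matches one left-most label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host


def check_name(cert, fqdn):
    """Return (ok, field, names): match result, the field that was consulted
    ('subjectAltName' or 'commonName') and the names found in that field."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    field = "subjectAltName"
    if not names:  # no DNS entries: fall back to the subject common name
        field = "commonName"
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return any(_name_match(n, fqdn) for n in names), field, names


if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("short name", NETBIOS),
                        ("SAN present", WITH_SAN)):
        print(label, check_name(cert, "mail.example.com"))
```

Against a live server, pass the result of `fetch_cert("mail.example.com", cafile=...)` to `check_name`; a certificate whose common name matches but whose subjectAltName lists a different host is reported as a mismatch.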


Configure ISA Server 2000 to publish OWA by using the SSL protocol

You only have to complete these steps if the server that is running Small Business Server 2000 has two network adapters and is running ISA Server 2000.

To configure ISA Server 2000 to publish OWA by using SSL, follow these steps:

  1. Click Start, point to Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. Right-click the server object, and then click Properties.
  3. Click the Incoming Web Requests tab.
  4. Click to clear the Enable SSL listeners check box, and then click OK.
  5. Click Save the changes and restart the service(s), and then click OK.
  6. Expand Publishing, right-click Server Publishing, point to New, and then click Rule.
  7. Type a name for the rule, and then click Next. For example, type OWA SSL.
  8. Under IP address of internal server, type the IP address of the internal network adapter of the server that is running Small Business Server 2000, or click Find to select it.
  9. Under External IP address on ISA Server, type the IP address of the external network adapter of the server that is running Small Business Server 2000, or click Browse to select it.
  10. Verify that you have entered the correct internal and external IP addresses, and then click Next.
  11. Under Apply the rule to this protocol, select HTTPS Server, and then click Next.
  12. Click Any request, and then click Next.
  13. Click Finish to complete the wizard.

Important After you configure ISA Server 2000, be aware that running the Internet Connection Wizard to configure ISA packet filtering will enable SSL listeners. This will cause SSL connections to the OWA site to fail. Therefore, if you run the Internet Connection Wizard after you configure SSL connections to the OWA site, click to select the Do not change ISA Server packet filters check box on the Configure Packet Filtering page, or follow the steps in the "Configure ISA Server 2000 to publish OWA by using the SSL protocol" section to clear the Enable SSL listeners check box after the wizard is completed.

For more information about the Internet Connection Wizard enabling the SSL listeners option, click the following article number to view the article in the Microsoft Knowledge Base:

327990 Enable SSL Listeners option is turned on after you run the Internet Connection Wizard



MORE INFORMATION

After you configure SSL connections to the OWA site, it is a good idea to require the use of SSL for clients who connect to OWA. Additionally, you can configure OWA to automatically redirect connections that use the standard http:// prefix to use the https:// prefix.


REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

299525 How to set up SSL using IIS 5.0 and Certificate Server 2.0



