インストール Exchange & Outlook Web Access (OWA)
SSL Instructions Exchange 2000 & 2003
Exchange & Outlook Web Access (OWA) SSL Instructions
Exchange 2000 & 2003
Installing your SSL Certificate / Web Server Certificate
/ Secure Server Certificate from RapidSSL.com
Firstly when your issuance email arrives you will have
two certificates in the email - your server certificate and a chained
Copy the chained certificate into a text editor such as
notepad and save as chain.cer.
Copy your web server certificate into a text editor such as notepad and
save as yourdomain.cer.
First install the chained certificate as follows:
On your webserver open by the Certificates snap-in on
1. Click the Start Button then select Run and type mmc
2. Click File and select Add/Remove Snap in
3. Select Add, select Certificates from the Add Standalone Snap-in box
and click Add
4. Select Computer Account and click Finish
5. Close the Add Standalone Snap-in box, click OK in the Add/Remove
Return to the MMC:
1. Expand the Certificates entry in the MMC and right
click the Intermediate Certification Authorities, select All Tasks,
2. Complete the import wizard, locating the chained
certificate (chain.cer) when prompted for the Certificate file to
3. Ensure that the chained certificate appears under Intermediate
Secondly, install your web server certificate:
1. Start IIS and right click Default Web Site and select
Properties from the menu.
2. When the Properties appear, click on the Directory
3. Click on Server Certificate and follow the on screen wizard:
･ Ensure that you select Process the pending request
and install the certificate. Click Next.
･ Locate the yourdomain.cer file when prompted to locate your webserver
certificate. Click Next.
･ Review the summary screen and ensure that you are processing the
correct certificate. Click Next.
･ Click Next on the confirmation screen.
4. Make sure that you have assigned Port 443 as the SSL
port for https for your site. To do this, right click Properties for
your website and make sure that 443 has been entered into the SSL port
You must restart your physical machine for the install
to be completed.
Now activate SSL for your Exchange Virtual Directory:
1. Using the Internet Services Manager, open the
properties for the Exchange virtual directory.
2. Select the Directory Security tab and the click on
the Edit button in the Secure Communication section.
3. In the Secure Communications dialogue box, check the
box Require Secure Channel (SSL), you could also check the box Require
128-bit encryption, if you do check the 128-bit checkbox, any browsers
that do not support 128-bit encryption will be unable to connect to OWA.
Now when users enter http://www.yourdomain.com/exchange,
they will receive an "HTTP 403.4 - Forbidden: SSL required Internet
Information Services" error message, because we have configured OWA to
require SSL. SSL uses the HTTPS protocol, so users would need to enter
the url as https://www.yourdomain.com/exchange.
More information to force SSL only connections:
Microsoft has written an article about forcing the use of SSL with OWA:
One final step that you may need to take is to ensure
that your Firewall / router is configured to allow HTTPS (port 443 by
default) to pass through.
Backing up your key pair file
Creating your Snap-in Management Console
Certificate Snap-in consoles (MMC) are not
preconfigured. You will need to configure the Snap-in before you can
perform any Export/Import functionality. To configure your Snap-in,
follow the steps below. The system administrator will have to create
1. Go to Start. Select Run, Type mmc and click OK. This
will bring up an empty console with no management functionality.
2. Click on Console select Add/Remove Snap-in.
3. The Snap-ins added to box will list only the Console
Root. Click Add.
4. Select Certificates and then click Add.
5. Select Computer Account.
6. Click on Finish.
7. Click Close.
8. Click on OK.
Managing your certificates
1. Go to the Microsoft Management Console (MMC) and add
the Snap-in for Certificates.
2. Select the folders Console Root\Certificates(Local
3. Right click on the certificate to export.
4. Select All Tasks and Export.
5. The Welcome to the Certificate Manager Import Wizard
6. Select Yes, export the private key. Click Next.
7. Make sure the Personal Information Exchange- PKCS # 12 (.pfx) box is
Warning: Make sure that the "Delete the private key if
the export is successful" is NOT checked.
8. Check the box Enable strong protection requires
IE5.0, NT4.0 SP4 or above. Select Next.
9. Check the box to Include all certificates in the chain.
10. Type and confirm your export password.
(Note: this password field can be left blank, but we recommend using a
good password for security)
Warning: If you lose the password, you must purchase
Save the file to a disk or other form of media. You
should choose a form of media that you would be able to recover if your
system has to be rebuilt. Save this file in a secure location.
*** Microsoft has an alert addressing a problem with
exporting and importing certificates.***
Service Pack 2 is intended to correct this problem.
There is also a hotfix that may be obtained from Microsoft that must be
run prior to exporting and importing your certificate. Please go to the
following URL for more information or email us at firstname.lastname@example.org.
Copyright (C) Capecod.Co.,Ltd.
All Rights Reserved.