|
Home > Archive > IIS Server Security > January 2004 > Outlook WebAccess (Exchange 2003) with SSL on IIS 6 (Windows 2003)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Outlook WebAccess (Exchange 2003) with SSL on IIS 6 (Windows 2003)
|
|
| Andreas Hilp 2004-01-24, 1:57 am |
| Hello,
I want to use Outlook WebAccess (Exchange 2003) with SSL on an IIS 6 which
is running on a Windows 2003 server.
I have created a certificate successfully. After I have installed this on
the default website you cannot connect to the https/SSL port 443. But the
IIS is listening on this port.
The connect to the default port 80 is working nevertheless.
What went wrong? What can I do in order to use Outlook WebAccess (Exchange
2003) with SSL on IIS 6 (Windows 2003)?
Kind regards,
Andreas
| |
| Andreas Klein [MSFT] 2004-01-24, 1:57 am |
| 1) Preferred language in this NG is german
2) This is better suited for an Exchange focussed NG
3) You need to configure Exchange OWA to ensure that it runs correctly when
using SSL.
--
Mit freundlichen Grüßen / Kind Regards,
Andreas Klein
Microsoft Services
Die Inhalte der in dieser Newsgroup eingestellten Nachrichten stammen von
Dritten. Microsoft kann daher für die Richtigkeit und Vollständigkeit der
Inhalte keine Haftung übernehmen.
This posting is provided "AS IS" with no warranties, and confers no rights.
| |
| Karl Levinson [x y] mvp 2004-01-24, 1:57 am |
| Instructions are probably at www.microsoft.com/technet/security. I'm
guessing you didn't check the box on the security tab in the IIS MMC that
says "require SSL connections." However, you should probably follow the
OWA-specific instructions instead of checking that box for the entire web
site using my humble instructions.
IIS probably *should* be listening on port 80, because people are going to
try to access that port, and IIS can't very well redirect users to the real
site unless it's serving up some sort of page that allows redirection from
the site at 80 to the site at 443. Otherwise, users will need to remember
to use https:// in the URL to access OWA, and people with old shortcuts
pointing to http:// will have problems.
"Andreas Hilp" <ahilp@tesla.de> wrote in message
news:brq292$uik$05$1@news.t-online.com...quote:
> Hello,
>
> I want to use Outlook WebAccess (Exchange 2003) with SSL on an IIS 6 which
> is running on a Windows 2003 server.
> I have created a certificate successfully. After I have installed this on
> the default website you cannot connect to the https/SSL port 443. But the
> IIS is listening on this port.
> The connect to the default port 80 is working nevertheless.
>
> What went wrong? What can I do in order to use Outlook WebAccess (Exchange
> 2003) with SSL on IIS 6 (Windows 2003)?
>
> Kind regards,
> Andreas
>
>
>
| |
| Yogita Manghnani [MSFT] 2004-01-24, 1:59 am |
| Andreas,
If you are unable to browse any page in the website using https, then SSL
is probably not configured properly. Check your event logs for any
errors/warnings.
1) Check if port 443 is specified in the Website properties (Site
identification section under the Website tab)
2) Make sure no Host headers are specified in the Advanced properties in
the Website idenitification section. If there is a host header, you will
need to get rid of it, since SSL and host headers will not work together.
3) Make sure the sspifilt.dll is loaded either in the Master properties in
IIS or for the website itself.
4) Make sure the certificate is valid.
Your best option would be to download and run the tool SSLDiag which will
check various SSL related configurations and tell you if something's amiss.
Just run the tool and wait for it to dump out into to you, then review it
for any errors.
http://www.microsoft.com/downloads/...a1d0-5a10-41bc-
83d4-06c814265282&DisplayLang=en
To enforce SSL on the OWA site, you can follow these links:
http://support.microsoft.com/defaul...kb;en-us;239875
http://support.microsoft.com/defaul...kb;en-us;268822
Hope this helps.
Yogita Manghnani
Microsoft Developer Support
Internet Information Server
****************************************
*****************************[QUOTE][col
or=darkred]
account name for newsgroup participation only.<<
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
© 2003 Microsoft Corporation. All rights reserved.
****************************************
*****************************
|
|
|
|
|