XCCC: Turning On SSL for Exchange 2000 Server Outlook Web Access

Article translations Article translations
Article ID: 320291 - View products that this article applies to.
This article was previously published under Q320291
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all


You can use Secure Sockets Layer (SSL) to secure communication between clients (Web browsers) and a Microsoft Outlook Web Access (OWA) server. SSL encrypts all of the data that is sent over the network. This data includes logon credentials and mailbox and public folder items. SSL is the preferred, standard method to secure communication over the Internet.

More information

To turn on SSL on the Exchange 2000 virtual roots:
  1. Obtain an SSL certificate. You can purchase a certificate from a number of third-party certification authorities. This is the preferred method because many of these certification authorities are already trusted by the majority of browsers. You can also use Microsoft Certificate Server to install your own certification authorities.
  2. Configure your SSL certificate in Microsoft Internet Information Services (IIS):
    1. Start Internet Services Manager, which loads the Internet Information Server Microsoft Management Console (MMC) snap-in.
    2. In the Internet Information Server MMC snap-in, right-click the Web site that contains the Exchange 2000 virtual roots, and then click Properties.
    3. Click the Directory Security tab.
    4. Under Secure communications, click Server Certificate to start the Web Server Certificate Wizard. You can use the Web Server Certificate Wizard to configure the certificate, based on the information that your certification authority provided.

      NOTE: At this point, users can use OWA over SSL by browsing to the following Web site:
  3. If you want to enforce the use of SSL, you can require secure channel communication on each Exchange 2000 virtual root:
    1. In the Internet Information Server MMC snap-in, click the Exchange 2000 virtual root that you want to secure (for example, click Exchange or Public).
    2. Right-click the virtual root, and then click Properties.
    3. Click the Directory Security tab.
    4. Under Secure communications, click Edit.
    5. Click to select the Require secure channel(SSL) check box.
NOTE: If you want to enforce the use of SSL, complete step 3 for each Exchange 2000 virtual root. By default, the virtual roots include the "Exchange" and "Public" virtual directories. However, the virtual roots may differ depending on your configuration.

NOTE: SSL cannot be required on a back-end server's 'exchange' virtual directory in a front-end/back-end configuration. Only the front-end server can require SSL, and it always proxies the request to the back-end server on port 80.


Article ID: 320291 - Last Review: October 26, 2013 - Revision: 4.0
Applies to
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
kbnosurvey kbarchive kbhowto KB320291

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com