Home > Exchange > SSL Enabling OWA 2003 using your own Certificate Authority Part 1

SSL Enabling OWA 2003 using your own Certificate Authority Part 1

To install the CA component, do the following:

  • Click Start > Control Panel > Add or Remove Programs
  • Select Add/Remove Windows Components
  • Put a checkmark in Certificate Services

Below screen will popup as a warning, just click Yes > then Next


We now have to select what type of CA to use, choose Enterprise root CA and click Next


in the following screen we have to fill out the Common name for our CA, which in this article is mail, Leave the other fields untouched and click Next >image

We now have the option of specifying an alternate location for the certificate database, database log, and configuration information. In this article we will use the defaults, which in most cases should be just fine.

Now click Next >


The Certificate Service component will be installed, when it’s completed, click Finish


Now that we have installed the Certificate Services component, it’s time to create the Certificate Request for our Default Website. We should therefore do the following:

  • Click Start > Administrative Tools > Internet Information Services (IIS) Manager
  • Expand Websites > Right-click Default Website then select Properties
  • Now hit the Directory Securitytab
  • Under Secure Communications click Server Certificate…



As we’re going to create a new certificate, leave the first option selected and click Next >


Because we’re using our own CA, select Prepare the request now, but send it later, then click Next >


Type a descriptive name for the Certificate and click Next >


We now need to enter our organization name and the organizational unit (which should be pretty self-explanatory),  then click Next >


in the next screen we need to pay extra attention, as the common name reflects the external FQDN (Fully Qualified Domain Name), to spell it out, this is the address external users have to type in their browsers in order to access OWA from the Internet.

Note: As many (especially small to midsized) companies don’t publish their Exchange servers directly to the Internet, but instead runs the Exchange server on a private IP address, they let their ISP’s handle their external DNS settings. In most cases the ISP creates a so called A record named mail.domain.com pointing to the  company’s public IP address, which then forwards the appropriate port (443) to the Exchange servers internal IP address.
When your have entered a Common Name click Next >


Now it’s time to specify the Country/Region, State/Province and City/locality, this shouldn’t need any further explanation, when you have filled out each field, click Next >


in the below screen we have to enter the name of the certificate request we’re creating, the default is just fine, click Next >


In this screen we can see all the information we filled in during the previous IIS Certificate Wizard screens, if you should have made a mistake, this is your last chance to correct it. If everything looks fine click Next >


And finally we can click Finish.


Categories: Exchange
  1. February 7, 2013 at 12:26 pm

    I personally Think post, “SSL Enabling OWA 2003
    using your own Certificate Authority Part 1 demagnum” was indeed correctly
    written! I reallycouldn’t see eye to eye with you even more! Finally looks like I reallyidentified a internet site worth browsing. Thanks, Sang

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: