OWA, Front End/Back end, SSL, Password Change Button

Status
Not open for further replies.

age

Technical User
May 31, 2001
191
GB
Hi, can somebody help me with this? I am getting very confused!

I have the following Exchange 2003/Outlook Web Access set up:

1 Front End server hosting OWA via ISA which is available to the internet.

2 Back End servers for the mailbox stores.

The back end servers are also used for OWA internally directly rather than going via the OWA box.

None of these are currently configured to use SSL.

Because of this, at the moment the 'Change Password' buttons within the OWA options don't work on any of the servers.

What I want to be able to do is enable SSL for OWA on all the servers so that OWA over the internet is secure using the front end server and OWA on the LAN is also secure if you connect directly to the back end servers OWA. Also, this will enable the change Passwords button to be used.

My big question is how many certificates do I need? One for each server?

Many thanks!

Adrian.
 
You can install the MS Cert Server and can install the same site certificate on all servers.

There are specific steps to show the change password button; you need to edit the registry. Did you do that?

I hope you find this post helpful.

Regards,

Mark
 
What I did (and I have the same scenario as you) is get a 3rd party certificate (VeriSign in my case but they aren't the cheapest...) which is used on the ISA box to enable https logon. Then I installed a certificate authority on an internal server and issued a certificate to the front-end server and ISA server which is what is used for the SSL bridge between the ISA and FE server (this doesn't need to be an external certificate as no clients make use of it).

There are some good guides for this on but basically what I did was through IIS on the FE server I made a certificate request, pasted the info when requesting the certificate from VeriSign. Then once you receive the certificate, load it into IIS on the FE. However, you actually need the certificate on the ISA server, so you then need to export the certificate (including the entire chain) to the ISA box. The reason you can't do it directly from the ISA box is you shouldn't have IIS installed there.

The internal certificate was basically create the CA, issue a certificate for the FE server and import that into both the FE and ISA server. Ignore the certificate information part when configuring the SSL bridge, it had me confused but you don't specify anything there.

As for the password change, it's a registry hack (again guides available on the aforementioned site). One thing that threw me though was initially I made the registry change on the FE server but it didn't work; eventually I found a MS KB article saying you had to do it on both the FE and BE servers (no guide I saw mentioned this).
 