Certificate Services Support

User-added image

This article assumes you already have an SSL certificate installed on your IIS 5 or IIS 6 server.

In the below example, we will use OWA and force SSL on the /exchange directory.

You can only turn on SSL if you've installed a certificate. Once that's done, you can enable or require SSL for any or all of the directories served by IIS on that machine. 

1. Open the Computer Management snap-in on your Exchange server. Expand the Services and Applications node, then the Internet Information Services node.

2. Expand the Default Web Site node, then find the Exchange directory. Right-click it and choose the Properties command.

3. Click the Directory Security tab. In the Secure Communications control group, the View  Certificate and Edit buttons should be active. If they're not, your certificate isn't installed properly—you'll have to fix it before proceeding.

4. Click the Edit button in the Secure Communications group. You'll see the Secure Communications dialog box.

5. Check the "Require secure channel (SSL)" checkbox. You can optionally check the "Require 128-bit encryption" box as well. Doing     so gives you better security, but some clients may not be able to connect.

Once you have made these changes, you should be able to open your mailbox by typing  https://yourServerName/exchange/yourMailbox. You should not be able to open it with an ordinary http URL.

Try opening your mailbox with and without SSL. Verify that you cannot open it without using https:// as the URL prefix.

Automatically Redirect Users to the SSL Site

Once you've configured IIS to require the use of SSL, you may also want to automatically redirect users to the secure directory; that way, users who can't remember to use https:// can still get their mail without bothering you. To do this, you'll need to create a file named ssl-redirect.asp in your sites' server's inetpub\wwwroot\siteasp directory. In that file, paste the following code:

<%
If Request.ServerVariables("SERVER_PORT")=80  Then
Dim strRedirURL
strRedirURL = "https://" & Request.ServerVariables("SERVER_NAME")
 strRedirURL = strRedirURL & "/yourfolder"
Response.Redirect strRedirURL
End If
%>

Next, follow these instructions to tell IIS to map error 403.4 to the ssl-redirect.asp file. Every time IIS encounters that particular error, it will execute the ASP code, which automatically redirects the user to the correct page.

Further reading: http://support.microsoft.com/default.aspx?scid=kb;en-us;302570&sd=tech
HOW TO: Configure Custom Error Messaging for Your Web Site in IIS
SUMMARY: This step-by-step guide describes how to configure Internet Information Services (IIS) to send custom error messages instead of the default Hypertext Transfer Protocol (HTTP) error messages.

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.

 

CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088