This article assumes you already have an SSL certificate installed on your IIS 5 or IIS 6 server.
In the below example, we will use OWA and force SSL on the /exchange directory.
You can only turn on SSL if you've installed a certificate. Once that's done, you can enable or require SSL for any or all of the directories served by IIS on that machine.
1. Open the Computer Management snap-in on your Exchange server. Expand the Services and Applications node, then the Internet Information Services node.
2. Expand the Default Web Site node, then find the Exchange directory. Right-click it and choose the Properties command.
3. Click the Directory Security tab. In the Secure Communications control group, the View Certificate and Edit buttons should be active. If they're not, your certificate isn't installed properly—you'll have to fix it before proceeding.
4. Click the Edit button in the Secure Communications group. You'll see the Secure Communications dialog box.
5. Check the "Require secure channel (SSL)" checkbox. You can optionally check the "Require 128-bit encryption" box as well. Doing so gives you better security, but some clients may not be able to connect.
Once you have made these changes, you should be able to open your mailbox by typing https://yourServerName/exchange/yourMailbox. You should not be able to open it with an ordinary http URL.
Try opening your mailbox with and without SSL. Verify that you cannot open it without using https:// as the URL prefix.
Automatically Redirect Users to the SSL Site
Once you've configured IIS to require the use of SSL, you may also want to automatically redirect users to the secure directory; that way, users who can't remember to use https:// can still get their mail without bothering you. To do this, you'll need to create a file named ssl-redirect.asp in your sites' server's inetpub\wwwroot\siteasp directory. In that file, paste the following code:
If Request.ServerVariables("SERVER_PORT")=80 Then
strRedirURL = "https://" & Request.ServerVariables("SERVER_NAME")
strRedirURL = strRedirURL & "/yourfolder"
Next, follow these instructions to tell IIS to map error 403.4 to the ssl-redirect.asp file. Every time IIS encounters that particular error, it will execute the ASP code, which automatically redirects the user to the correct page.
Further reading: http://support.microsoft.com/default.aspx?scid=kb;en-us;302570&sd=tech
HOW TO: Configure Custom Error Messaging for Your Web Site in IIS
SUMMARY: This step-by-step guide describes how to configure Internet Information Services (IIS) to send custom error messages instead of the default Hypertext Transfer Protocol (HTTP) error messages.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088