• Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

single ssl for exchange

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Server Security >> single ssl for exchange Page: [1]
Message << Older Topic   Newer Topic >>
single ssl for exchange - 26.Dec.2006 10:48:11 PM   


Posts: 1
Joined: 26.Dec.2006
Status: offline
hello to all, i run a single server2003 with exchange2003 both standard. i have been setting up active sync and owa. from what i have found no matter how many sights i look at in a single server i have to do the mskb 817379 in order to require ssl with cert on owa but my question is if i follow that kb does this leave active sync running without any ssl security when the devices sync with exchange? would this then mean communication between the devices would be unsecured? if this is the case what are others with a single server setup doing to secure communication with mobile devices? i do have a certificate installed and owa is working fine i just can't grasp what happens to the communication if i don't or can't require ssl over the active sync.
thanks for any responses.
Post #: 1
RE: single ssl for exchange - 27.Dec.2006 10:30:00 AM   


Posts: 3542
Joined: 4.Apr.2005
From: Toronto, Canada
Status: offline
Communication between a mobile device and the exchange server is handled through the Microsoft-Server-ActiveSync virtual directory in IIS. This particular directory can be set to use SSL. For ActiveSync to access a user's mailbox, it will need to connect through the Exchange virtual directory. Unfortunately the communication between ActiveSync and Exchange virtual directories will only happen over Port 80 (HTTP) and not 443 (HTTPS). So what this article (817379) recommends is to create a new virtual directory (ExchangeVDir) that does not use SSL, add a registry entry for Microsoft-Server-ActiveSync to use this new directory (since it is a duplicate of Exchange but without SSL being required), leaving the original Exchange virtual directory to continue using SSL and leaving OWA still secured. At the same time communication between the mobile device and Exchange will also remain secured with SSL as the device will contact the Microsoft-Server-ActiveSync virtual directory for mailbox access.

Hope this helps


Ibrahim Benna - Microsoft Exchange MVP
Forum Moderator

(in reply to jjenni)
Post #: 2
RE: single ssl for exchange - 6.Dec.2010 7:19:46 PM   


Posts: 12
Joined: 6.Mar.2005
From: dsgerr
Status: offline
My setup and challenges faced were exactly as the original poster's. But I think it should be noted, because it is not so obvious for some of us (like me), that you have to require SSL on the Activesync virtual directory if you want to secure your mobile devices. The article 817379, and many other Internet queries, led me to believe that I only had to work with the Exchange VD and the ExchangeVDir clone that is created through that article.

If I am wrong, please correct me, but this is the only way I have been able to require SSL on OWA and mobile devices without errors.

(in reply to jjenni)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Server Security >> single ssl for exchange Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Follow TechGenix on Twitter