Exchange 2007 installs a default SSL cert that works for OWA. This cert is not valid for Outlook Anywhere (formerly known as RPC over HTTP) because it does not use the FQDN of the exchange server. You can make it work internally by matching the server name in your Outlook settings with the one on the SSL cert. However, this won’t work externally because the name would not resolve through public DNS. This defeats the purpose of Outlook Anywhere.
Here I will explain how to configure Outlook Anywhere with a self-signed SSL certificate to save you the cost of buying one. The only added step is that you must add the cert to every client computer as a Trusted Root Certification Authority. If you buy a cert, it will already be trusted.
How to Configure Outlook Anywhere:
Summary of Steps:
- Install a valid Secure Sockets Layer (SSL) certificate from a trusted certification authority (CA) that the client trusts.
- Install the Windows RPC over HTTP Proxy component.
- Enable Outlook Anywhere on a computer that has the Exchange Server 2007 Client Access server role installed.
http://technet.microsoft.com/en-us/library/bb123889.aspx
http://technet.microsoft.com/en-us/library/aa997703.aspx
Install Active Directory Certificate Services:
Install this on your domain controller or use your existing Certificate Authority.
http://technet.microsoft.com/en-us/library/cc772393(WS.10).aspx
Set up the SSL Certificate:
Open IIS Manager
- Select the Server name in the left column
- Open Server Certificates from the middle column
- Click Create Domain Certificate from the right column
- Make sure that the common name that you create matches the URL you wish to use – mail.domainname.com
Bind the new SSL cert to the default website:
http://www.sslshopper.com/article-installing-an-ssl-certificate-in-windows-server-2008-iis-7.0.html
