Fortunately, the HTTP protocol can be encrypted with a technology known as Secure
Sockets Layer (SSL), which scrambles the packets sent between client and server by using a
FIGURE 12.1 Examining Outlook Web Access.
317
12
Enabling Secure Sockets Layer (SSL) Support for Exchange Outlook Web Access
set of keys tied to an SSL certificate installed on the OWA server, such as what is illustrated
in Figure 12.2. This certificate ensures the identity of the server itself, and allows the
traffic to be virtually uncrackable, particularly if strong 128-bit encryption is used.
The upshot of this discussion is that it is vital, and almost always necessary, to secure
OWA-based traffic using digital SSL certificates. It is less and less common to run into
OWA implementations that are not secured with SSL, and this chapter focuses on deploying
and securing OWA sites that use SSL to encrypt the traffic.
Installing a digital certificate on the Exchange OWA server, and later on ISA itself, involves
a two-step process. In the first step, the certificate request must be generated from the
OWA server and sent to a certificate authority. Secondly, the certificate authority must
then verify the identity of the site and send a certificate back to the organization to be
installed on the OWA server.
Pages:
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528