No announcement yet.

SBS 2003 Certificates and Outlook RPC over HTTPS

  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS 2003 Certificates and Outlook RPC over HTTPS

    Hi everyone

    We have had users happily connecting to OWA and RWW and I've now set up Outlook 2003 with RPC/HTTPS and it all works fine but I'm just a bit concerned about the steps I've taken whether or not we are as secure as we can be. I've followed the excellent guides here - thank you.

    I issued a new certificate on the server simply in the name of external fixed IP address - not a FQDN as our SBS is behind a hardware modem/router/firewall and I have not got any othe SSL certificate nor an ISP record to divert traffic.

    To get Outlook working, I first of all opened IE7, pointed it at the RWW and installed the certificate on the client. With that installed, the Outlook Exchange Proxy settings were entered as https://IP address and the Mutual Authentication msstd:IP address. Using the outlook.exe /rpcdiag command I can see that HTTPS connections are being established.

    As I say it all works fine but in the section in IIS, Default Web Site, Directory Security, Edit Certificate, when I ticked "Require Secure Channel (SSL)" and Require 128 bit encryption" I got a load of messages about child services that can overwrite permissions. So I left it.

    My questions please are - is my home made cert good enough and what are the implications of not having SSL & 128 bit security ticked ? Does the fact that the connections are showing as https mean it is secure ?

    Many thanks.


  • #2
    Re: SBS 2003 Certificates and Outlook RPC over HTTPS

    Moved to SBS Forum. I am sure Steven can tell you what Wizard to use to se it up correctly.
    Last edited by biggles77; 16th December 2006, 04:35. Reason: Added information, well sort of.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2


    • #3
      Re: SBS 2003 Certificates and Outlook RPC over HTTPS

      When you hit OK in IIS Directory Security, it is normal to get the messages you refer to for child services. Just proceed.

      If you do not use SSL in OWA, then the only way you are going to access your e-mail using OWA is through port 80 and this makes your SBS server a sitting duck.

      Set up the certificate and be sure you turn of port 80 forwarding.
      Network Engineers do IT under the desk


      • #4
        Re: SBS 2003 Certificates and Outlook RPC over HTTPS

        NO it's just a tick box in the CEICW - and you tell it later the name of the self-signed certificate you want. You don't need to touch anything else unless you need the certs for a mobile 5 device.
        Attached Files

        Steven Teiger [SBS-MVP(2003-2009)]
        Iím honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We donít stop playing because we grow old, we grow old because we stop playing.