Require SSL for Offline Address Book Distribution
Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
You can use Internet Information Services (IIS) Manager and the Shell to configure the virtual directory to use Secure Sockets Layer (SSL) for an offline address book (OAB). By default, when you install the Client Access server role on a computer running Microsoft Exchange Server 2010, a virtual directory named OAB is created on the default IIS Web site on the Exchange server.
When SSL is enabled, both SSL and unencrypted requests to the OAB virtual directory are allowed. You can disallow unencrypted requests by performing the procedures detailed later in this topic.
Looking for other management tasks related to OABs? Check out Managing Offline Address Books.
Prerequisites
To learn more about the various security and authentication related options that are available, we recommend that you first read Securing Client Access Servers.
After you obtain a valid SSL certificate to use with the Client Access server on the OAB default Web site or on the Web site where you host your OAB virtual directory, you should test SSL connectivity by issuing an HTTPS request. Using your browser, type the following URL in the address bar: https://<server name>/. The request should return your server's home page. You can configure the Web site to require SSL. You can also enable SSL for one or more Web sites hosted by the Client Access server. For more information, see Securing Client Access Servers.
Step 1: Use Internet Information Services 7 Manager to set up the default Web site for OAB to require SSL
To perform this procedure, you must be a member of the Administrators group on the local computer.
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
In the console tree of Internet Information Services (IIS) 7 Manager, expand the Client Access server on which you are going to configure IIS.
Expand Sites, expand Default Web Site, and then click OAB.
In the result pane, double-click SSL Settings.
In the SSL Settings property page, select the Require SSL check box, and then select the Require 128-bit SSL check box.
In the action pane, click Apply.
Step 2: Use the Shell to set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "OAB virtual directory" entry in the Mailbox Permissions topic.
Note
You can't use the EMC to set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site.
To set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site, use the following syntax.
Set-OABVirtualDirectory -Identity <VirtualDirectoryIdParameter> -RequireSSL <$true> -ExternalURL <URL>
This example requires SSL for the OAB default Web site with an external URL for the Contoso company.
Set-OABVirtualDirectory -Identity "OAB (Default Web Site)" -RequireSSL $true -ExternalURL "https://exchange.contoso.com/oab"
For detailed syntax and parameter information, see Set-OABVirtualDirectory.
© 2010 Microsoft Corporation. All rights reserved.