Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2
Topic Last Modified: 2012-07-23
You can use Internet Information Services (IIS) Manager and the Shell to configure the virtual directory to use Secure Sockets Layer (SSL) for an offline address book (OAB). By default, when you install the Client Access server role on a computer running Microsoft Exchange Server 2010, a virtual directory named OAB is created on the default IIS Web site on the Exchange server.
When SSL is enabled, both SSL and unencrypted requests to the OAB virtual directory are allowed. You can disallow unencrypted requests by performing the procedures detailed later in this topic.
Looking for other management tasks related to OABs? Check out Managing Offline Address Books.
- To learn more about the various security and authentication
related options that are available, we recommend that you first
Client Access Servers.
- After you obtain a valid SSL certificate to use with the Client
Access server on the OAB default Web site or on the Web site where
you host your OAB virtual directory, you should test SSL
connectivity by issuing an HTTPS request. Using your browser, type
the following URL in the address bar: https://<server
name>/. The request should return your server's home page.
You can configure the Web site to require SSL. You can also enable
SSL for one or more Web sites hosted by the Client Access server.
For more information, see Securing Client Access
Step 1: Use Internet Information Services 7 Manager to set up the default Web site for OAB to require SSL
To perform this procedure, you must be a member of the Administrators group on the local computer.
- Click Start, point to Administrative Tools, and
then click Internet Information Services (IIS) Manager.
- In the console tree of Internet Information Services (IIS) 7
Manager, expand the Client Access server on which you are going
to configure IIS.
- Expand Sites, expand Default Web Site, and then
- In the result pane, double-click SSL Settings.
- In the SSL Settings property page, select the Require
SSL check box, and then select the Require 128-bit SSL
- In the action pane, click Apply.
Step 2: Use the Shell to set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site
You need to be assigned permissions before you can perform this procedure. To see what permissions you need, see the "OAB virtual directory" entry in the Mailbox Permissions topic.
|You can't use the EMC to set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site.|
To set up the OAB virtual directory to require SSL verification and to use an SSL-enabled external Web site, use the following syntax.
Set-OABVirtualDirectory -Identity <VirtualDirectoryIdParameter> -RequireSSL <$true> -ExternalURL <URL>
This example requires SSL for the OAB default Web site with an external URL for the Contoso company.
Set-OABVirtualDirectory -Identity "OAB (Default Web Site)" -RequireSSL $true -ExternalURL "https://exchange.contoso.com/oab"
For detailed syntax and parameter information, see Set-OABVirtualDirectory.