Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2009-10-14

Secure Sockets Layer (SSL) encryption is used in Outlook Web App to help secure the connection between the Exchange Server 2010 Client Access server and the client. By default, Outlook Web App uses forms-based authentication and requires SSL encryption.

Looking for management tasks related to using SSL in Outlook Web App? See Managing Outlook Web App Security.

SSL Encryption and Outlook Web App

When you install the Client Access server role, four Outlook Web App virtual directories are created in the default Internet Information Services (IIS) Web site on the Exchange server. The four virtual directories are named \owa, \exchange, \public, and \exchweb. By default, these virtual directories and the default Web site are configured to require SSL.

If you want to use SSL to help secure additional Outlook Web App virtual directories or Web sites that you have created, you must do so manually. To configure a site to use SSL, you must obtain a certificate and configure the Web site or virtual directory to require SSL by using that certificate.