When clients connect to an Outlook Web Access (OWA) server, the information must be protected to ensure that usernames, passwords, and messaging data are not susceptible to compromise. This protection can be accomplished through the use of SSL on the Internet Information Services (IIS) virtual server. SSL requires a digital certificate that can be supplied either by the organization's PKI or by a third party, such as VeriSign.
If SSL is used on the OWA server, clients connect to the OWA server by typing https://<FQDN> or https://<FQDN>/exchange to log on and use Exchange Server 2003 over the SSL connection. One of the biggest hassles for clients, however, is remembering to use https rather than just http. Using http means using the non-secure URL.
Exchange Server 2003 provides a way to automatically redirect OWA clients to an SSL connection if they use the non-secure URL. This prevents users from mistakenly trying to use the non-secure URL, and it keeps the number of helpdesk calls to a minimum if users are not able to gain access to email.
To configure automatic SSL redirection when form-based authentication is not in use, create a new HTM file called HTTPSRedirect.htm with the following contents:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD>
<meta http-equiv="refresh" content="0; url=https://webmail.companyabc.com">
</HEAD></HTML>
NOTE
In the examples provided, replace webmail.companyabc.com in the file contents with the Fully Qualified Domain Name (FQDN) of the organization's OWA server.
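A check for the edited file, as an added example that is not part of the original page: it parses the HTTPSRedirect.htm contents and confirms that the meta refresh still points at https on the expected host with a zero delay. The function name check_redirect and the host owa.example.test are assumptions made for illustration.

```python
# Added example: validate the meta-refresh target in HTTPSRedirect.htm before deploying it.
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _RefreshFinder(HTMLParser):
    """Collects the content attribute of every <meta http-equiv="refresh"> tag."""

    def __init__(self):
        super().__init__()
        self.refresh = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.refresh.append(a.get("content", ""))


def check_redirect(html_text, expected_fqdn):
    """Return a list of problems; an empty list means the redirect looks correct."""
    finder = _RefreshFinder()
    finder.feed(html_text)
    if len(finder.refresh) != 1:
        return ["expected exactly one meta refresh tag, found %d" % len(finder.refresh)]
    delay, _, rest = finder.refresh[0].partition(";")
    problems = []
    if delay.strip() != "0":
        problems.append("refresh delay is %r, not 0" % delay.strip())
    # Split on the first "=" only, so a query string in the target survives intact.
    key, _, target = rest.strip().partition("=")
    if key.strip().lower() != "url" or not target.strip():
        return problems + ["no url= target in refresh content"]
    parts = urlsplit(target.strip().strip("'\""))
    if parts.scheme.lower() != "https":
        problems.append("target scheme is %r, not https" % parts.scheme)
    if (parts.hostname or "") != expected_fqdn.lower():
        problems.append("target host is %r, not %r" % (parts.hostname, expected_fqdn))
    return problems


# Constructed sample inputs: the page's redirect, and a copy where the FQDN was
# replaced (hypothetical host) but the scheme was mistyped as http.
GOOD = ('<HTML><HEAD><meta http-equiv="refresh" '
        'content="0; url=https://webmail.companyabc.com"></HEAD></HTML>')
BAD = GOOD.replace("https://webmail.companyabc.com", "http://owa.example.test")

if __name__ == "__main__":
    print(check_redirect(GOOD, "webmail.companyabc.com"))
    print(check_redirect(BAD, "owa.example.test"))
```

A target that still uses http would send users back to the non-secure URL, so the scheme check is the one that matters most after editing the FQDN.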
If you use form-based authentication, do the following: