OWA 2000 Question

[Edney]

Hi all,

wanting to implement OWA for employees to use over the internet. Is this the case, I have the following options:

1. Open port 80 on the firewall (http, is this secure??) OR
2. Open port 443 on the firewall instead (http with SSL)

What are the implications of Option 1, if I implement option 2 do I need to purchase some sort of certificate for SSL??

Any other suggestions would be great, could also implement this in a DMZ scenario, is this suitable for a small organisation, about 120 users??

looking forward to your responses,

Cheers Edney.

 

[isguyatlanta]

What I did was open 80 and 443 to the OWA server with a redirect asp from the port 80 site to the https:// address. The certifercate is created from within the IIS manager. You must have a server in your domain configured as the certification authority to do this.

Don't allow people to use OWA without SSL. Login ID/passwords and data will not be protected.

The ASP file:
<%@LANGUAGE=&quot;VBSCRIPT&quot;%>
<%
Response.Redirect &quot;

https://SERVERNAME/exchange&quot;

%>