252 Chapter 5 • Managing the Client Access Server 10. We have now reached the most important step in the IIS Certifi cate Wizard, where we have to enter the common name for the Default Web Site. This common name must match the name of the URL through which we access the Client Access Server from a client on the Internet. The common name is usually mail.domain.com, mobile.domain.com, or owa.domain.com. When you have entered the common name, click Next (Figure 5.11). Figure 5.11 Typing the Common Name for the SSL Certifi cate NOTE It is very important you enter the correct common name since it cannot be changed once you have received your SSL certifi cate from your third-party provider. Managing the Client Access Server • Chapter 5 253 11. Now enter the respective geographical information and click Next. 12. Specify the path and fi le name to save the certifi cate request, and then click Next. 13. Verify that the information in the request is correct (especially the Issued To information), then click Next and fi nally Finish, exiting the IIS Certifi cate Wizard. SOME INDEPENDENT ADVICE You can also issue a request for an SSL certifi cate using the New-ExchangeCertifi cate cmdlet in the Exchange Management Shell. In order to request a certifi cate using this cmdlet, type: New-ExchangeCertifi cate –GenerateRequest –FriendlyName “SSL Client Access to Exchange” –DomainName mobile.exchangedogfood.dk -path c:\certreq.txt If you’re going to issue a request for an SSL certifi cate with additional DNS names in the Subject Alternative Name property, you actually need to use the New-ExchangeCertifi cate cmdlet. For more information, see the Exchange 2007 Documentation at http://technet.microsoft.com/en-us/library/aa995942.aspx. Okay, now that I have a pending certifi cate request, what certifi cate authority provider should I use? Well, if you want a good and extremely cheap SSL certifi cate, trusted by 99 percent of all browsers as well as all Windows Mobile 5.0 devices on the market, I can highly recommend GoDaddy (www.godaddy.com). Unfortunately, they don’t support adding additional DNS names in the Subject Alternative Name property, however. Here you can get an SSL certifi cate for a mere $20 per year. I don’t think you’ll fi nd it much cheaper anywhere else. When you have decided on which certifi cate authority provider you want to use, you’ll need to send the certreq.txt fi le to them. I won’t go into detail on how this is accomplished since this process is different from provider to provider, and because each provider typically has very detailed information about how you do this. When you have received the SSL certifi cate from the certifi cate provider, you need to perform the following steps: 1. Log on to the Exchange 2007 Server on which the Client Access Server role is installed. 2. Click Start | All Programs | Administrative Tools and select Internet Information Services (IIS) Manager. 254 Chapter 5 • Managing the Client Access Server 6. Specify the path to the certifi cate fi le or the fi le containing the Certifi cate Authority response, and then click Next. 7. Specify the SSL port that should be used (443), click Next and then Finish to exit the IIS Certifi cate Wizard. 8. Now that we have installed the SSL certifi cate we can enable SSL on the Default Web Site. This is done by clicking the Edit button shown back in Figure 5.9, and then checking the option button Require secure channel (SSL), as shown in Figure 5.13. 9. Click OK twice and exit the IIS Manager. Figure 5.12 Processing the Pending Request 3. Expand <Server name> (local computer) | Web Sites, and then open the Property page for the Default Web Site. 4. Click the Directory Security tab and select the Server Certifi cate button. 5. Select Process the pending request and install the certifi cate, as shown in Figure 5.12, and then click Next. Managing the Client Access Server • Chapter 5 255 Adding the RPC over HTTP Proxy Component Next, we need to install the RPC over HTTP Proxy component on the Exchange 2007 Server on which the Client Access Server role has been installed. Since this is a standard Windows 2003 Server component, you install it using the following steps: 1. Log on to the respective Client Access Server. 2. Click Start | Control Panel, and then open Add or Remove Programs. 3. Click Add/Remove Windows Components. 4. Select Network Services and then click the Details button. 5. Check RPC over HTTP Proxy, as shown in Figure 5.14. 6. Click Ok | Next and let the installation complete. Figure 5.13 Enabling SSL on the Default Web Site 256 Chapter 5 • Managing the Client Access Server Enabling Outlook Anywhere With the SSL certifi cate in place and the RPC over HTTP Proxy component installed, we can move on and enable Outlook Anywhere. In order to do so, perform the following steps: 1. Open the Exchange Management Console, then expand the Server Confi guration work center and select Client Access. 2. Click the Enable Outlook Anywhere link in the Action pane. 3. In the Outlook Anywhere wizard that appears, type the external host name for your Exchange organization, as shown in Figure 5.15. Figure 5.14 Installing the RPC over HTTP Proxy Component . 253 11. Now enter the respective geographical information and click Next. 12. Specify the path and fi le name to save the certifi cate request, and then click Next. 13. Verify that the information in. 5.9, and then checking the option button Require secure channel (SSL), as shown in Figure 5.13. 9. Click OK twice and exit the IIS Manager. Figure 5.12 Processing the Pending Request 3. Expand. Web Sites, and then open the Property page for the Default Web Site. 4. Click the Directory Security tab and select the Server Certifi cate button. 5. Select Process the pending request and install