ISA Server and OWA publishing are like two best friends, and it is something most administrators like to configure on ISA Server; in fact, the same is true for other Exchange services such as ActiveSync and Outlook Anywhere.
In this post I will explain OWA publishing.
Certificates for SSL connection
A. On the CAS/Front End Exchange server
As we are going to use an SSL connection for OWA access, we require a certificate to establish the SSL channel. We need to install a certificate on the CAS (IIS) server, bind it to the Default Web Site, and have it issued to the website name. Since the CAS (IIS) server is internal to the network, internal users will also access it and will most probably use the internal name of the server to reach OWA, so the better approach is to issue the certificate to the FQDN of the CAS server; in my case it is issued to CorpA08.corpa.local.
We also need to install the root CA certificate on the CAS server, in the computer account's Trusted Root Certification Authorities store.
Note: I am taking the best-approach route here, since I am not using a SAN certificate or wildcard certificates; moreover, we are only focusing on OWA in this post. I will write another post about the possible certificate combinations we can have on the CAS server.
B. On the ISA server
We need to install a certificate on the ISA server, issued to the website name; in this case it is issued to mail.corpa.com.
We also need to install the root CA certificate on the ISA server, in the computer account's Trusted Root Certification Authorities store.
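The certificate requirements in sections A and B can be checked from PowerShell on each server before starting the wizard. This is an added example, not part of the original post: the function name Test-PublishingCertificate is hypothetical, and it assumes PowerShell 2.0 or later is installed on the server and that only the trust path to the root CA is tested, not revocation.

```powershell
# Added example: Test-PublishingCertificate is a hypothetical helper name.
# Run it locally on the server whose certificate store is being checked.
function Test-PublishingCertificate {
    param([string]$ExpectedName)   # name the certificate must be issued to

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    # Computer account's Personal store, where the server certificate is installed
    $found = @(Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo($nameType, $false) -eq $ExpectedName })

    if ($found.Count -eq 0) {
        Write-Warning "No certificate issued to '$ExpectedName' in LocalMachine\My"
        return
    }

    foreach ($cert in $found) {
        # $true = build the chain against the computer's stores, not the user's
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # Assumption: only the trust path to the root CA is tested, not revocation
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)
        # An UntrustedRoot status means the root CA certificate is not in the trusted store
        $problems = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $now = Get-Date

        # One result row per matching certificate
        $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
            @{ Name = 'InValidityPeriod'; Expression = { $now -ge $_.NotBefore -and $now -le $_.NotAfter } },
            @{ Name = 'ChainTrusted';     Expression = { $trusted } },
            @{ Name = 'ChainProblems';    Expression = { $problems } }
    }
}

# On the CAS server (name from the post):
# Test-PublishingCertificate -ExpectedName 'CorpA08.corpa.local'
# On the ISA server (name from the post):
# Test-PublishingCertificate -ExpectedName 'mail.corpa.com'
```

A usable certificate shows HasPrivateKey, InValidityPeriod and ChainTrusted all True; a missing root CA certificate shows up as UntrustedRoot in ChainProblems.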
In this walkthrough we will first go through the OWA publishing wizard; at the point where we need to create a listener for the web publishing rule, we will go through that and then complete the publishing rule.
So we launch the OWA publishing wizard.
Choose the Exchange Web Client Access publishing rule, and the wizard's first screen appears.
Give the rule a name and move next; we are then asked which services to select and which version of Exchange Server is in use.
In my case I am using Exchange Server 2007 and publishing OWA, so I chose Exchange Server 2007 and selected OWA; after selecting OWA, the other options grey out.
Moving next, choose the first option, since we are not publishing a web farm, and move next.
Since we will use an SSL connection, choose the first option for SSL and move next.
Then enter the name (FQDN) of the CAS server as the internal site name, along with its IP address, and move next.
Then enter the public name that we are going to use externally to access OWA, in my case mail.corpa.com, and move next.
Now we create the listener to be used in this publishing rule: click New, and the listener wizard opens.
Name the listener and move next.
Use SSL, since we are going to use an SSL connection.
Choose the External network, where we are going to listen for OWA requests, then click the Select IP Addresses button to choose the IP address on the external NIC.
Highlight the IP address and click the Add button to add it.
Then click OK, and we get the screen for selecting the certificate to be used for the SSL connection.
Click Select Certificate and choose the certificate corresponding to our public name for OWA, which is mail.corpa.com.
Then click Select and move next.
We then get the screen for choosing the authentication method.
Since I am using the form-based authentication method, I chose HTML Form Authentication with Windows (Active Directory) and then moved next.
Since we are not using single sign-on, we uncheck the Enable SSO option and move next.
We then get the listener completion screen, where we click Finish. Back in the publishing wizard, choose the newly created listener as the one to be used in the rule and move next.
We then get the authentication delegation screen, where we choose the delegation method according to the authentication method used on the CAS server for OWA access. In our case the CAS server uses Basic for OWA access, so we are using Basic authentication; after choosing the method, move next.
On the users page choose All Authenticated Users and move next.
Finally we get the completion page.
Click Finish and we are ready to access OWA through the ISA server.