I'm about to install my first OWA server onto an existing IIS server. The server does not currently have any SSL certificate. The intent is to make an SSL site for OWA that is accessible to the Internet. The OWA/IIS server will be inside the firewall (naturally) accessing Exchange on a different box. Exchange 5.5 SP3, IIS 4.
So this is my intended ordering of The Things That Need To Be Done: 1. Install all security patches 2. Install IIS lockdown/URLscan, with provisions needed to permit OWA operation (Q309508) 3. Generate SSL key pair, generate certificate from cert server (another machine), and install cert. 4. Create new SSL web site for OWA 5. Install OWA from 5.5 CD to site created in step 4 6. Patch OWA to SP3 Is this the correct order and is anything major missing? One thing I'm not sure of is whether the OWA install can create the SSL web site, and if so, then step 4 isn't needed. I don't want OWA availability on port 80, ever. Also, I know 5.5 SP4 is out there, but I'm under time constraint, and 5.5 SP3 is doing OK otherwise. Unless there major goofs relative to OWA fixed by SP4, I'd just as soon leave well enough alone. Thanks all, Carl Houseman List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
