How to Configure Certificate Based Authentication for OWA - Part I

Lately we have seen more interest in certificate based authentication with Exchange 2007 Outlook Web Access. Using certificates for authentication can be considered more secure because a user cannot gain access to the mailbox simply by knowing the user name and password: the private key belonging to the user's certificate must also be present on the client. Because the password is taken out of the logon exchange, key loggers or other malware on the client machine cannot capture keystrokes to identify user accounts and passwords. The protection only reaches as far as the private key does, though; it should be marked non-exportable or, better, kept on a smart card, since malware with access to the logged-on user's key store could still drive the browser on the user's behalf.

With a combination of a Certificate Authority, Exchange Server 2007 and ISA Server 2006 you can provide a certificate based authentication configuration with minimum changes to your current environment. Windows Server 2003 Certificate Services, or your own trusted third party certificate provider, can be used to issue the user certificates. The advantage of the Windows certificate server is that, when installed as an enterprise CA, it allows for auto-enrollment of user certificates through Group Policy and publishes the issued certificates to the user objects in Active Directory.
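Before going further it is worth confirming what auto-enrollment has actually put into the directory. The script below is an added example and not part of the original post: it reads the userCertificate attribute of one account and reports, for each published certificate, whether it carries the Client Authentication EKU, chains to a CA the machine trusts, and contains the user's UPN in the Subject Alternative Name (which is what Windows uses to map a client certificate to the account implicitly). It assumes a domain-joined machine and a user allowed to read Active Directory; the account name is a placeholder.

```powershell
# Added example, not part of the original post. Run on a domain-joined machine
# as a user who can read Active Directory. The account name is a placeholder.
param([string]$SamAccountName = "jdoe")

$clientAuthOid = "1.3.6.1.5.5.7.3.2"   # id-kp-clientAuth
$X509 = "System.Security.Cryptography.X509Certificates"

# Look the user up and pull the multi-valued userCertificate attribute, which is
# where an enterprise CA publishes the certificates it issues to the account.
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=person)(sAMAccountName=$SamAccountName))"
[void]$searcher.PropertiesToLoad.Add("userCertificate")
[void]$searcher.PropertiesToLoad.Add("userPrincipalName")
$result = $searcher.FindOne()
if ($result -eq $null) { Write-Error "User $SamAccountName not found"; exit 1 }

$upn = ""
if ($result.Properties["userprincipalname"].Count -gt 0) {
    $upn = [string]$result.Properties["userprincipalname"][0]
}
$published = $result.Properties["usercertificate"]
if ($published.Count -eq 0) {
    Write-Warning "No certificates published for $SamAccountName; auto-enrollment has not run or the template does not publish to AD"
    exit 1
}

$usable = 0
foreach ($raw in $published) {
    # userCertificate holds DER-encoded certificates; the leading comma keeps
    # PowerShell from unrolling the byte array into separate constructor arguments.
    $cert = New-Object "$X509.X509Certificate2" -ArgumentList (,[byte[]]$raw)

    # Client Authentication must be present in the Enhanced Key Usage extension.
    $hasClientAuth = $false
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.37" }
    if ($eku -ne $null) {
        foreach ($usage in $eku.EnhancedKeyUsages) {
            if ($usage.Value -eq $clientAuthOid) { $hasClientAuth = $true }
        }
    }

    # The certificate must chain to a CA this machine trusts and must not be revoked.
    $chain = New-Object "$X509.X509Chain"
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chainOk = $chain.Build($cert)
    $chainStatus = ""
    if (-not $chainOk) {
        $chainStatus = [string]::Join(",", @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() }))
    }

    # Windows maps a client certificate to the AD account implicitly through the
    # UPN carried in the Subject Alternative Name; without it you need an explicit
    # mapping in the account's altSecurityIdentities attribute.
    $hasUpn = $false
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.17" }
    if ($san -ne $null -and $upn -ne "") {
        $hasUpn = ($san.Format($true) -match [regex]::Escape($upn))
    }

    $ok = $hasClientAuth -and $chainOk -and $hasUpn
    if ($ok) { $usable++ }
    "{0} thumbprint={1} expires={2:yyyy-MM-dd} clientAuth={3} chain={4}{5} upnInSan={6}" -f `
        $(if ($ok) { "OK  " } else { "FAIL" }), $cert.Thumbprint, $cert.NotAfter,
        $hasClientAuth, $chainOk, $(if ($chainStatus) { " ($chainStatus)" } else { "" }), $hasUpn
}

"$usable of $($published.Count) published certificate(s) for $SamAccountName are usable for OWA logon"
```

Save it under any name you like (for instance Check-OwaUserCert.ps1, a hypothetical file name) and run it with -SamAccountName for each test account. A FAIL with chain status RevocationStatusUnknown usually means the CRL distribution point in the certificate is not reachable from the machine doing the check, which is exactly the problem the ISA server will hit later, so fix it before moving on to the ISA configuration.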

This post will not cover more advanced topics such as how to properly set up a PKI infrastructure, or how to install and configure ISA Server. It assumes these prerequisites are already in place and functioning. This document covers the configuration for Exchange 2007 Client Access Servers in front of Exchange 2007 Mailbox Servers. The steps for the Exchange 2003 configuration can be found at
I will post a follow up to outline the steps needed for Exchange Server 2007 on Windows Server 2008 with IIS 7.


