locked
Is it possible to configure exchange to point to a load balancer to deliver ssl cert RRS feed

  • Question

  • We currently have an exchange server that is configured with two client access / hub transport servers.  Let's call those owa1 and owa2, which contain IIS for Outlook web access.  owa1 and owa2 have expired ssl certs.  owa1 and owa2 are also old iis 6 servers, that don't easily understand modern sha2 certs.

    For web access, we decided to place owa1 and owa2 behind a load balancer, that holds the new ssl cert.  Let's call the load balancer webmail.  Webmail handles the https traffic, and provides the proper cert, and forwards the request to non-https on owa1 and owa2 ( balanced ).  It's function is to both balance load, and offload the ssl.  Webmail works perfectly.

    Our desktop outlook clients, that communicate with exchange, receive a warning upon startup that they are using an expired ssl cert.  That cert reports to be provided by one of the client access / hub transport servers, let's say owa1.  Is it possible to configure exchange to point to the load balancer, webmail, to deliver the ssl cert ( as well as possibly other webmail like tasks )?

    Tuesday, November 24, 2015 4:29 AM

Answers

All replies

  • What version, service pack and update level of Exchange?

    The correct way to do it would be to issue a new certificate request on one of the Exchange servers, then complete the request on that server.  Then export the certificate and import it on the other Exchange server(s) and the load balancer(s).


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!


    Tuesday, November 24, 2015 4:51 AM
  • Hi,

    As you expectation, it's worked.
    For your reference: http://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx

    For your question, we need new a certificate and import it on load balance for troubleshooting.


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Allen Wang
    TechNet Community Support

    Wednesday, November 25, 2015 7:23 AM
    Moderator
  • Thanks for the link.  Looks very promising.  I'll update thread when we have a chance to try it.
    Wednesday, November 25, 2015 7:25 PM