How to Configure SSL for Exchange ActiveSync

Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.


Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3

This topic explains how to configure Exchange ActiveSync virtual directories to use Secure Sockets Layer (SSL). By default, when you install the Client Access server role on a computer that is running Microsoft Exchange Server 2007, an Exchange ActiveSync virtual directory is created on the default Internet Information Services (IIS) Web site on the Exchange server.

After you obtain an SSL certificate to use together with the Client Access server on the default Web site or on the Web site where you host your Exchange ActiveSync virtual directory, you can configure the Web site to require SSL. You can enable SSL for all Web sites that are hosted by the Client Access server or enable SSL only for Exchange ActiveSync.

Configuring an Exchange ActiveSync virtual directory to use SSL is just one step in managing security for Exchange ActiveSync. For more information about how to manage security for Exchange ActiveSync, see Managing Exchange ActiveSync Security.

Before You Begin

To perform the following procedures, the account you use must be delegated the following:

  • Exchange View-Only Administrator role

  • Membership in the local Administrators group

For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.


Before you perform this procedure, read Managing Client Access Security.


To use Internet Information Services (IIS) Manager to configure SSL on the Exchange ActiveSync virtual directory

  1. In Internet Information Services (IIS) Manager, select the Default Web site or the Microsoft-Server-ActiveSync virtual directory, and then click Properties.


    If you want to configure SSL only for Exchange ActiveSync, select the Microsoft-Server-ActiveSync virtual directory under the Default Web site. Otherwise you will configure SSL for all virtual directories that are hosted on the Client Access server.

  2. On the Directory Security tab, in Secure Communications, click Edit.

  3. In Secure Communications, select Require Secure Channel (SSL).

  4. After you complete this procedure, your Exchange ActiveSync virtual directory on the Web site is configured to use SSL.

For More Information

For more information about Exchange ActiveSync security, see the following topics: