When SSL is enabled, both SSL and unencrypted requests to the OAB virtual directory are allowed. You can disallow unencrypted requests by performing the procedures that are detailed later in this topic.
To perform the following procedures, the account you use must be delegated the following:
For more information about permissions, delegating roles, and the rights that are required to administer Exchange Server 2007, see Permission Considerations.
Also, before you perform these procedures, be aware of the following:
To use Internet Information Services Manager to set up the default Web site for OAB to require SSL
To use the Exchange Management Shell to set up the OAB virtual directory to require SSL verification and to use an SSL-enabled (HTTPS) external Web site
Run the following command:
For example, to require SSL for the OAB default Web site with an external URL for the Contoso company, run the following command:
For detailed syntax and parameter information, see the Set-OABVirtualDirectory reference topic.
For More Information
To learn more about OABs, see Understanding Offline Address Books.
For more information about managing OABs, see the following topics:
For more information about the OAB virtual directory, see How to Create an Offline Address Book Virtual Directory.
Exchange 2007 SP1 Expected To Ship Later This Year Exchange 2007 aka 'The One That Got the Biggest