Reverse proxy for OWA with different external and internal certificates



  • Hi,

    Sorry if I've missed this in the forum but scratching my head on how to do this (if its possible). I have an Exchange 2016 server that for policy reasons have an internally-signed digital certificate….works great, no errors as the internal root CA cert is imported on all internal clients.

    I now have a requirement to publish OWA for remote workers and for that I've purchased a digital cert. I've set up PfSense with Squid as a reverse proxy and have configured the reverse proxy general settings. In the General Settings, I've assigned the public cert as the "Reverse SSL Certificate" and I've configured the OWA settings.

    Now, I can get to my logon screen but it's pushing the internal cert and not the one that I designated as the reverse ssl cert. Its not desirable in this deployment to install the public cert on the Exchange server so can't take the easy way out on this one. I know that with other reverse proxies (Apache, ISA) you could do SSL termination to non-SSL systems behind them and I think I've seen examples where you could do SSL-SSL bridging so wondering if there is a way to do this on PfSense - any help appreciated....thanx.



  • Oh, ok - figured it out….Squid has to listen on loopback (Reverse Proxy interface), NAT rule has to redirect to loopback (Redirect target IP), and NAT reflection has to be disabled (not 100% sure on this one but will test some more).

    After that, seems to work ok - only issue I'm running into is getting an automatic redirect to the /owa folder - if anyone has anything on that I'd appreciate the info - thanx.