Extended Validation SSL Certificates, also known as EV Certificates, provide the strictest validation requirements to prove to your customers that your site is not a phishing or fraudulent website, and that it's safe to proceed on your website.

1. Open Internet Services Manager from your Administrative Tools

2. Open the Properties for the Web Site that is hosting OWA (normally the Default Web Site)

3. Select the Directory Security tab and click Server Certificates
4. You will now be presented with the Pending Certificate Request dialog box (below), select Process the pending request and install the certificate, click Next



5. The Process a Pending Request dialogue box will appear (below), navigate to the site certificate that you received, and click Next


6. You will now be presented with the Certificate Summary (below), click Next

7. Click Next.

Install the intermediate certificate
You have now installed the SSL certificate into our web site. Next, you’ll need to enable SSL for OWA.

1. Using the Internet Services Manager, open the properties for the Exchange virtual directory

2. Select the Directory Security tab and the click on the Edit button in the Secure Communication section
3. In the Secure Communications dialog box (below), check the box Require Secure Channel (SSL). You can also check the box Require 128-bit encryption. If you do check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA



4. When users enter, they will receive an "HTTP 403.4 - Forbidden: SSL required 

5. Please see the Microsoft article regarding forcing the use of SSL with OWA:  Click here 

6. Finally, ensure that your Firewall is configured to allow HTTPS (port 443 by default) to pass through