By default, when you require an SSL certificate in IIS on an Exchange server, if users hit the page without providing an https:// in front they will get an error. Rather than require certificates, it’s better in most cases to redirect unsecured traffic to a secured login page. In order to do so, first configure the redirect. To do so, open IIS Manager and click on the Default Web Site.
At the bottom of the pane for the Default Web Site, click Features View if not already selected.
Then open HTTP Redirect. Here, check the box for “Redirect requests to this destination” and provide the path to the owa virtual directory (e.g. https://krypted.com/owa).
In the Actions pane to the right of the screen, click Apply. Then click on Default Web Site again and open the SSL Settings pane. Here, uncheck the box for Require SSL.
Next, edit the offline address book web.config file on the CAS, stored by default at (assuming Exchange is installed on the C drive) C:\Program Files\Microsoft\Exchange Server\\ClientAccess\oab. To edit, right-click web.config and click Properties. Then click Security and then Edit. Under Group, click on Authenticated Users. Then click Read & execute for Authenticated Users in Permissions. Then click OK to save your changes.
Finally, if you have any issues with any messages not working, start the IIS Manager. Then browse to the virtual directories and open HTTP Redirect. Then uncheck “Redirect requests to this destination” and click Apply. When you’re done, restart IIS again and test the ability to send and receive emails to make sure that mail flow functions without error from within the web interface.