I'm making a new Ex2010 environment. Yes, the client knows about Exchange 2013.
I have a Netscaler up-front for access from outside, but it's only in the DMZ, not available from the inside. I can configure the Netscaler to handle SSL Offload, but can I still also use SSL on the inside afterwards? I know that to make SSL Offload work, I have to disable the requirement for SSL on all the IIS sites and VirDirs, etc. But there are a few steps where you go into web.config (for EWS and Autodiscover) and mangle the files to replace https with http.
I would prefer to continue using HTTPS for any connections that aren't coming from the Netscaler. Is that possible, or is this an only-one-or-the-other situation, from the POV of the Exchange CAS servers?
... Or, does this even matter much? All internal Outlook connections will be MAPI; if the clients fail over to Outlook Anywhere, they'll be hitting the Netscaler anyway. Except for maybe autodiscover. Hm.
Aha. http://social.technet.microsoft.com/wiki/contents/articles/1267.how-to-configure-ssl-offloading-in-exchange-2010.aspx
After 2010 SP1, Exchange no longer requires mangling of the web.config file to disable SSL, so you can simply remove the requirement for SSL on all of the websites/VirDirs for Exchange, which still allows connections via HTTPS internally.
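
A way to check the resulting state on a CAS after the SSL requirement has been removed, as an added example that is not part of the original post: it reads the IIS `sslFlags` setting for each Exchange virtual directory and lists the site's bindings, so you can see where plain HTTP is now accepted alongside HTTPS. The site name, the virtual directory list and the function name `Get-SslRequirement` are assumptions; adjust them to the server.

```powershell
# Added example (not from the original post). Run elevated on the CAS.
# Assumptions: IIS site "Default Web Site" and the default Exchange 2010 vdir names.
Import-Module WebAdministration

$site  = 'Default Web Site'
$vdirs = 'owa','ecp','EWS','Autodiscover','Microsoft-Server-ActiveSync','OAB','Rpc'

function Get-SslRequirement {
    param([string]$Location)
    $raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
        -Location $Location -Filter 'system.webServer/security/access' -Name 'sslFlags'
    # The value may come back as a string ("Ssl,Ssl128") or as an attribute
    # object whose .Value is a string or the numeric flag set; handle each.
    if ($raw -is [string]) { $value = $raw } else { $value = $raw.Value }
    if ($value -is [int] -or $value -is [long]) {
        $requires = (($value -band 8) -ne 0)      # 8 = Ssl in the IIS schema
    } else {
        $names    = ([string]$value) -split ',' | ForEach-Object { $_.Trim() }
        $requires = ($names -contains 'Ssl')
    }
    New-Object PSObject -Property @{
        Location    = $Location
        SslFlags    = $value
        RequiresSsl = $requires
    }
}

# Site root first, then each virtual directory beneath it.
$report = @(Get-SslRequirement $site)
foreach ($v in $vdirs) { $report += Get-SslRequirement "$site/$v" }
$report | Select-Object Location, SslFlags, RequiresSsl | Format-Table -AutoSize

# With the requirement removed, HTTP is served only if an http binding exists,
# and HTTPS keeps working as long as the https binding and certificate remain.
Get-WebBinding -Name $site |
    Select-Object protocol, bindingInformation | Format-Table -AutoSize

# Locations that still reject plain HTTP (the offloaded traffic would fail here).
$report | Where-Object { $_.RequiresSsl } | ForEach-Object {
    Write-Output ("Still requires SSL: " + $_.Location)
}
```

Any location reported with `RequiresSsl` false answers over HTTP for every client that can reach the CAS on the http binding, not only the Netscaler, so restricting port 80 to the load balancer's address is a network-level decision outside this check.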