Note:
Before starting, be aware that if you are going to use the same public IP (WAN) for pfSense and for the Exchange web services, you must set pfSense to use a non-standard HTTP/HTTPS port.
First, we have to install the Squid 3 package on pfSense.
I will click the plus sign (+) next to the Squid3 package to install it.
Now we have to export the certificate from our Exchange server and import it into the certificate store in pfSense.
Now I’ll click the + under CAs to import the certification authority root certificate.
I opened the CA certificate in Notepad++, copied all of it, gave it a name and clicked Save.
After clicking Save, here is what I got.
Now I will add the Exchange server’s personal certificate and key, using DigiCert’s tool to export the key as in the following screenshot.
Now I’ll go back to the certificate section of the pfSense portal to add the Exchange certificate: I go to the Certificates tab and click the + sign to add the cert.
I added the certificate data and the certificate’s key as well, and after I clicked Save here’s what it looks like.
Now I will go to the reverse proxy tab and configure it for Exchange. The first thing to do is enable the HTTP and HTTPS ports and choose the certificate for Exchange.
Here I have enabled all the ports and chosen the right certificate. I will also import the intermediate certificate in case it is needed.
I will go back to the Exchange server, where I have all the certificates, and export the intermediate certificate.
To identify the intermediate certificate, I will go to the MMC, click the personal certificate and check its path.
I will double-click the certificate and check its certification path.
Opening the Intermediate certificate store.
I will use the MMC wizard to export the certificate with the Base-64 encoded option.
After I exported
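The root, intermediate and personal certificate plus key exported above can be checked before they are pasted into pfSense. The script below is an added example, not part of the original walkthrough: the function and file names are hypothetical, it assumes only the `openssl` command line tool, and it builds a throwaway chain as constructed sample data.

```shell
#!/bin/sh
# Pre-flight checks for the PEM files that get pasted into pfSense.
# Function and file names are hypothetical; only the openssl CLI is assumed.

# 0 if FILE is a Base-64 (PEM) certificate, not a binary DER export.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        openssl x509 -in "$1" -noout 2>/dev/null
}

# 0 if private key KEY carries the same public key as certificate CERT.
key_matches_cert() {   # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if LEAF verifies against ROOT with INTERMEDIATE supplied as a helper cert.
chain_ok() {           # usage: chain_ok ROOT INTERMEDIATE LEAF
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# Constructed sample data: throwaway root -> intermediate -> leaf chain in DIR.
make_demo_chain() {
    dir=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$dir/ca.ext"
    for n in root inter leaf; do
        openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n.example.test" \
            -keyout "$dir/$n.key" -out "$dir/$n.csr" 2>/dev/null || return 1
    done
    # Self-signed root, then intermediate signed by root, then leaf by intermediate.
    openssl x509 -req -in "$dir/root.csr" -signkey "$dir/root.key" -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/inter.csr" -CA "$dir/root.pem" \
        -CAkey "$dir/root.key" -CAcreateserial -days 2 \
        -extfile "$dir/ca.ext" -out "$dir/inter.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/inter.pem" \
        -CAkey "$dir/inter.key" -CAcreateserial -days 2 \
        -out "$dir/leaf.pem" 2>/dev/null
}
```

With real exports, run the three checks against your own files, for example `chain_ok root.pem intermediate.pem exchange.pem`; a failure of `chain_ok` when the intermediate is left out is the case the intermediate import covers.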
Now I will enable OWA and fill in the information related to it as follows.
Next I will go to the firewall (NAT) part to configure the required ports and IPs. Click the Firewall tab, then NAT.
I only need to configure ports 25 and 443, since I already have a certificate and want to use HTTPS instead of HTTP.
Here is what my firewall looks like right now.
Note: On Exchange server the default gateway should be the LAN IP of
I will save this rule and check whether I can browse to OWA from my browser. Note that I am connecting remotely, and the Exchange server is hosted on Hyper-V at a different location.
WHOA, it works without any issues, but I’ll still sign in to make sure I can log in without any problem.
Now it’s time to make sure that ActiveSync is working properly as well. First I will test ActiveSync with the Remote Connectivity Analyzer at www.testexchangeconnectivity.com or https://testconnectivity.microsoft.com
I will have to go to Exchange
Then I will enter my credentials, as you can see below.
The test will take about 15-30 seconds to finish.
Then it will show the expected result.
I hope this is useful for anyone.