To install your SSL certificate, you will need to do the following:
Open Internet Information Services Manager, or the custom MMC containing the Internet Information Services snap-in.
Expand Internet Information Services (if needed) and browse to the Web site you have a pending certificate request on.
Right-click on the site and then click Properties.
Click the Directory Security tab.
Under the Secure Communications section, click Server Certificate.
On the Web Server Certificate Wizard, click Next.
Choose to Process the Pending Request and Install the Certificate. Click Next.
Type in the location of the certificate response file (you may also browse to the file), and then click Next.
Read the summary screen to be sure that you are processing the correct website security certificate, and then click Next.
You will see a confirmation screen. After reading this information, click Next.
Now you have installed the SSL Certificate you must assign it in Exchange:
Using the Internet Services Manager, open the properties for the Exchange virtual directory.
Select the Directory Security tab and the click on the Edit button in the Secure Communication section.
In the Secure Communications dialogue box, check the box Require Secure Channel (SSL), you could also check the box Require 128-bit encryption, if you do check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA.
Now when users enter http://www.yourdomain.com/exchange, they will receive an "HTTP 403.4 – Forbidden: SSL required Internet Information Services" error message, because we have configured OWA to require SSL. SSL uses the HTTPS protocol, so users would need to enter the url as:
Microsoft has written an article about forcing the use of SSL with OWA: