Edge Array and Cas Array Certificates
Hi all
1. If I'm not mistaken, renewing the certificate on CAS/HUB doesn't require a new edge subscription?
2. If I renew my certificate in an array of Edge, do I need to make a request from each edge server?
3. When a new edge subscription is done, is it fine to restart just the transport and force the replication?
February 13th, 2012 2:51am
Hi
1. Unless you have enabled this certificate for SMTP on the Hub/CAS then you are correct. If this is the SMTP certificate that the hub is using then you will need to resubscribe.
2. If you are using a public certificate here then no. If it is self signed or from your CA then yes.
3. You can run: Start-EdgeSynchronization.
It's best practice to enable a self signed cert on the hubs and edges unless you are doing mutual TLS with an external domain in which case you would put the public cert on the edges.
Cheers, Steve
February 13th, 2012 6:35pm
I just need to understand the overview.
I am planning to renew the certificate on the edge array. I will generate the request from one of the arrays into an internal CA. After this, I will import the certificates. Then I activate array1 and use SMTP service to the cert. Currently I don't have TLS communication on send connector. At this point, array2 is still using the old certificate.
Now I will have to subscribe to new edge subscription to the new edge. From here, do I need to perform this on both CAS/HUB1 and CAS/HUB2 or only one will do?
Then I will proceed to be doing this on Array2, then subscribe again.
Should CAS/HUB use the same certificate for SMTP to support TLS?
Thanks.
March 9th, 2012 6:05am
Hi
You only need to add the subscription for each edge to one of the hubs. The certificate in use should be different on the edges and the hubs otherwise edgesync will not work. The servers use the certificate to authenticate themselves so it cannot be the same.
Read more here:
http://technet.microsoft.com/en-us/library/aa995991.aspx
and here:
http://technet.microsoft.com/en-us/library/aa997438.aspx
Cheers, Steve
March 9th, 2012 7:19am
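The renewal and resubscription sequence discussed in this thread, as an added Exchange Management Shell example that is not from any of the posters. The file path, site name, 30-day warning window and thumbprint placeholder are assumptions to replace with your own values.

```powershell
# Added example. Run each step in the Exchange Management Shell on the
# server named in the step's comment.

# 1. On every Hub and Edge: list the certificates bound to SMTP and flag
#    any that expire within the (assumed) 30-day window. Comparing the
#    thumbprints across servers also confirms that Hubs and Edges are
#    not sharing one certificate.
$warnDays = 30
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Select-Object Thumbprint, Subject, IsSelfSigned, NotAfter,
        @{ Name = 'ExpiresSoon'
           Expression = { $_.NotAfter -lt (Get-Date).AddDays($warnDays) } }

# 2. On the Edge, after importing the renewed certificate: bind it to SMTP.
#    The thumbprint below is a placeholder.
Enable-ExchangeCertificate -Thumbprint '<NEW-CERT-THUMBPRINT>' -Services SMTP

# 3. On the same Edge: export a fresh subscription file (path is assumed).
New-EdgeSubscription -FileName 'C:\EdgeSubscriptionInfo.xml'

# 4. On ONE Hub in the subscribed site, after copying the file across:
#    import the subscription. The site name is assumed.
$data = [byte[]]$(Get-Content -Path 'C:\EdgeSubscriptionInfo.xml' `
                              -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $data -Site 'Default-First-Site-Name'

# The subscription file carries the credentials used for EdgeSync, so
# delete it from both servers once the import has succeeded.
Remove-Item 'C:\EdgeSubscriptionInfo.xml'

# 5. On the Hub: force replication instead of waiting for the schedule,
#    then check the result for each subscribed Edge.
Start-EdgeSynchronization
Test-EdgeSynchronization
```

Repeat steps 2 to 5 for the second Edge server in the array once the first one reports a successful synchronization.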