hi guys, I've got this current situation : 2 CAS server doing HA in a NLB, 2 HT, 2 MBX, 2 Edge and 2 ISA doing NLB to publish OWA and RPC..so I request cert from my CAS01, and already import + enabled the IMAP, IIS, POP services. then I go to HT01 to enabled SMTP services, is it correct to export the cert (*.pfx) and import from HT01 then I have to enabled the SMTP services? Do I have to import from other server : CAS02, HT02 and enabled the appropriate services? how do I disabled the selfsigned service ? I'm using the enabled-exchangecertificate -thumbprint <thumbprint> -services none , but I don't get the services disabled ? Do I have to export it to ISA01 and ISA02? I don't have to export to Edge and MBX right? sorry for the noob question, thx.. rgds, Krisna

Ans: 1: Yes you have to enable certificate for other CAS and HUB also 2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell. 3: For ISA you have to enable cetificate if you have taken from internet CA 4: YesAnil

Ans: 1: Yes you have to enable certificate for other CAS and HUB also 2: There is no reason to remove the self signed cert. Once you have generated the new csr using the powershell you will then just install and enable the new cert, also using the powershell. 3: For ISA you have to enable cetificate if you have taken from internet CA 4: Yes Anil humm, for answer number 2 I'm still a little bit confuse because if I don't remove the self signed cert then I import the internet CA then enabled it, when I get-exchangecertificate there's two SMTP/IMAP/IIS/POP services enabled? is it gonna be a problem? for ISA, I only import the *.pfx, how do I enabled it?from the rule publishing?rgds, Krisna

Hi, For question 2: it won't be a problem. "In most cases, Exchange selects a certificate issued by a trusted CA over a self-signed certificate regardless of the age of the certificate " More information: Certificate Use in Exchange Server 2007 http://technet.microsoft.com/en-us/library/bb851505(EXCHG.80).aspx If you really don't want to see self signed certification again, you can remove it. Remove-ExchangeCertificate http://technet.microsoft.com/en-us/library/aa997569(EXCHG.80).aspx By the way, I think there is only one IIS services enabled. Frank Wang