Public Cert
Hi,
I have done a CSR on 1 of the CAS and submitted it to the CA in order to get the cert. Thereafter, I imported the cert to 1 of the CAS, then exported it for the rest of the CAS and TMG.
Now, I am thinking of using the same cert to import on 2 * HT for TLS. Is it possible? Any KB for this?
Kelvin Teang
June 28th, 2012 7:10am
Hi,
If it is a SAN cert with the required FQDNs for your Hub Transport servers then yes, this is supported. Import the cert to the Hub Transport servers and enable the cert for SMTP; it will then automatically be used should the common name or SAN names match an FQDN set on your receive connectors.
Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi
June 28th, 2012 1:19pm
Hello,
You can use the same certificate only if all the necessary server names are included in the certificate.
Thanks,
Simon
June 29th, 2012 3:33am
Hi Simon/Oliver,
Is it possible to use a wildcard cert? If yes, how do I use the FQDN for the Hub? E.g. my wildcard is *.ABC.com and the hub FQDN is hub1.ABC.local.
Kelvin Teang
June 30th, 2012 8:39am
Hi Kelvin,
You want to use a SAN (Subject Alternative Name) cert ideally, which allows you to use different TLDs (top level domains, example contoso.com, tailspintoys.com).
However, you do have a few options. Normally you will have a public DNS name for receiving SMTP, something like smtp.contoso.com; you can just add this to your public cert and leave your existing self-signed ones for internal hub transport server communication.
That's fully supported - just ensure both certs are enabled for SMTP and then have the required FQDNs on the correct receive connectors.
So your default receive connector will have an FQDN of 'hub1.ABC.local' - it will use the existing self-signed cert.
You have an internet receive connector with an FQDN of smtp.contoso.com - it will use the certificate that has that as a common or SAN name, in this instance your public cert.
Oliver
Oliver Moazzezi | Exchange MVP, MCSA:M, MCITP:Exchange 2010, BA (Hons) Anim | http://www.exchange2010.com | http://www.cobweb.com | http://twitter.com/OliverMoazzezi
June 30th, 2012 9:30am
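The steps described in the replies above (import, enable for SMTP, set the connector FQDN), followed by a check of which SMTP-enabled certificates cover each receive connector's FQDN. This is an added example, not code posted by anyone in the thread; the server name, PFX path and connector name are placeholders, and the one-label wildcard rule is the general TLS convention, assumed here.

```powershell
# Added example; run in the Exchange Management Shell on a Hub Transport server.
# Placeholders (assumptions): server name, PFX path, connector name.
$server    = 'HUB1'
$pfxPath   = 'C:\certs\public-cert.pfx'   # exported from the CAS with its private key
$connector = 'HUB1\Internet Receive'      # hypothetical Internet-facing connector

# 1. Import the exported certificate and enable it for SMTP.
#    At the prompt about overwriting the default SMTP certificate, answering No
#    keeps the self-signed certificate for internal hub-to-hub traffic.
$pfxPassword = Read-Host 'PFX password' -AsSecureString
$bytes = [System.IO.File]::ReadAllBytes($pfxPath)
$cert  = Import-ExchangeCertificate -Server $server -FileData $bytes -Password $pfxPassword
Enable-ExchangeCertificate -Server $server -Thumbprint $cert.Thumbprint -Services SMTP

# 2. Give the Internet-facing connector the public name carried by that certificate.
Set-ReceiveConnector -Identity $connector -Fqdn 'smtp.contoso.com'

# 3. Report, per receive connector, which valid SMTP-enabled certificates cover its FQDN.
function Test-NameMatch ([string]$CertName, [string]$Fqdn) {
    if ($CertName -eq $Fqdn) { return $true }
    if ($CertName.StartsWith('*.')) {
        # Assumption: standard TLS rule, the wildcard covers exactly one label.
        return $Fqdn -match ('^[^.]+' + [regex]::Escape($CertName.Substring(1)) + '$')
    }
    return $false
}

$smtpCerts = @(Get-ExchangeCertificate -Server $server |
    Where-Object { "$($_.Services)" -match 'SMTP' -and $_.NotAfter -gt (Get-Date) })

foreach ($rc in Get-ReceiveConnector -Server $server) {
    $fqdn = [string]$rc.Fqdn
    $covering = @($smtpCerts | Where-Object {
        @($_.CertificateDomains | Where-Object { Test-NameMatch ([string]$_) $fqdn }).Count -gt 0
    })
    New-Object PSObject -Property @{
        Connector   = $rc.Identity
        Fqdn        = $fqdn
        Covered     = ($covering.Count -gt 0)
        Thumbprints = ($covering | ForEach-Object { $_.Thumbprint }) -join ', '
    }
}
```

A connector reported with `Covered = False` has no unexpired SMTP-enabled certificate naming its FQDN; with the names from the thread, `*.ABC.com` does not cover `hub1.ABC.local`.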