SSL Offloading - are certs still needed on the Exchange servers?
I've been reading various articles on setting up Exchange 2010 SSL Offloading using hardware load-balancers but I haven't yet found a definitive answer. My Query: If SSL Offloading is configured on the Exchange servers in a CAS array using a public UCC cert on a hardware load-balancer, does the cert also have to be installed on the Exchange servers as well? Can the existing certs on the Exchange servers be removed given that SSL encryption has been offloaded? I am hoping that the use of the SSL offloading would allow the purchase of a single public cert (cheaper) rather than multiple licenses for the cert across the Exchange server & load-balancer. Clarification on this would be appreciated.
December 1st, 2010 2:57pm

Most SSL providers allow the certificate to be used across multiple systems without any additional fees. If your provider doesn't, then I would look for another provider. You cannot run Exchange without SSL certificates. If you attempt to do so, Exchange will simply generate its own. That shouldn't cause too many problems, as long as all traffic is going to the load balancer.
Simon.
Simon Butler, Exchange MVP
December 1st, 2010 6:36pm

If I may rephrase the question: if I have configured client SSL on the load balancer side, do I have to configure server SSL as well? From consulting my load balancer provider, that will degrade the performance a bit, so if Exchange cannot work without SSL, I think the best solution is to not offload SSL and just let it through the load balancer, unless we are doing SSL inspection through it. Kindly advise on the matter. Thanks in advance.
December 9th, 2010 1:51am
