We are replacing our 2003 Exchange Front End Server Role with TMG 2010. In our first attempt we put an SSL certificate on the TMG 2010 and published OWA.
We used an existing certificate that we had already installed on the Front End Exchange Server 2003. It has "Webmail.Company.Com". We assumed we had to use the same certificate that was on the Front End Server for the TMG 2010 server.
We published OWA and everything seemed to be working, but we couldn't connect to the backend Exchange server.
The errors seemed to indicate that there was no SSL communications between the TMG and the Back End Server.
But when we had the Front End Server running, we didn't have SSL between the Front End Server and the Back End Server, since we couldn't put SSL through our firewall.
Do I need to install the same SSL certificate on the Back End Server?
The name on the existing certificate doesn't include the back end server's common or FQDN, only the front end server namespace.
It seems maybe I overestimated the capabilities of the TMG program before trying to implement this solution.
Any advice would be greatly appreciated.