Apply certifcate for DAG Exchange 2010 servers

We have two Exchange servers EX1 and EX2  in DAG and a TMG gateway.

Suppose I finish applying the SAN certificate on EX1. How can I then load the certificate on EX2.

Inaddition, how to load this certificate on TMG ?

Great Thanks.
Who is Participating?
MaheshConnect With a Mentor ArchitectCommented:
Why your DAG server require SAN certificates ?
SAN certificate required by CAS servers...
You can apply certificate to all servers in CAS array at once through Exchange MMC
You need to export exchange certificate on CAS server in .pfx format and need to import on TMG server.
Then you need to create Web listener on TMG to publish OWA
Please check below articles for how to import certificates and create web listener:

Step by step publishing OWA with TMG
Peter HutchisonConnect With a Mentor Senior Network Systems SpecialistCommented:
Run mmc, add the Certificates snap in for the Local MAchine, then you can view the certificate under Personal, Certificates and export it to a PFX file (you need to include the private certificate).
Then you can copy the PFX file to EX2 and import it there and the same for the TMG.
Simon Butler (Sembee)Connect With a Mentor ConsultantCommented:
You can also use the Exchange Management Console to export and import the certificate.
If you use the Exchange management tools you can do everything from a single machine.

The only thing you may have to do on the second machine is install any root or intermediate certificate supplied by the SSL vendor.

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

AXISHKAuthor Commented:
All roles are installed on a Exchange server. And two exchange run in DAG.
AXISHKAuthor Commented:
"You can apply certificate to all servers in CAS array at once through Exchange MMC".

How to do this ?

Actually, what my plan is
1. Run New-ExchangeCertificate -GenerateRequest to generate a .req file.
2. Submit the certificate to VeriSign.
3. Import the certificate to EX01.
4. My question is how to load the certificate to EX02 ? As I plan to apply a SAN certificate, I can include the EX02 name in the certificate.

Appreciate to give me more information on this.

Great tks
Its not advised to install CAS and mailbox server roles on same server.
Once you get the certificate from verisign, you can just right click pending cert request in EMC and click on "Complete pending request".
Once scertificate impotrted on Exchange server, assign that certificate to Exchnage services, at this time wizard will allow to select all exchange servers (CAS Servers) from list.
Please check below arfticle for step by step instruction

Hope that helps
Simon Butler (Sembee)ConsultantCommented:
@ MaheshPM "Its not advised to install CAS and mailbox server roles on same server."

Really? Where does it advise that? only - not any forums. Anything else isn't a primary source.

The best practise is to have all of the roles on the same server.

The only people who want to split CAS from the mailbox role are those that want to use the Windows NLB - which the Exchange product team don't recommend.

You may install all Exchange server roles on single server.
Nobody will stop you.
I am sure that companies having midsize to big setup definitely seperate the exchange roles
For testing \ small size organizations which may not afford multiple servers can do all roles on single server
Why should I look for other sources when I am getting product information from product manufacturer?
Simon Butler (Sembee)ConsultantCommented:
You said it isn't advised to put all of the roles on to the same server. I asked you to provide evidence of that advice.

I can tell you right now that for all installations, including the biggest, that isn't the case.

I sit on a group with some of Microsoft's biggest customers (100,000 plus) and all of them have all roles on all servers. This has even been noticed by Microsoft with the dropping of the hub transport role in Exchange 2013. The functionality of CAS has also been changed because of this new model.

Every design I do has all roles on all servers, and has been the case for over two years.

Below is the MS article which provide you information about role seperation
Below MS article explains about HUB and CAS Together (Not Mailbox)

"Its not advised to install CAS and mailbox server roles on same server" is my earlier comment. Unfortunately I have not found MS article recommendation to put CAS + Mailbox on same server.

Also found below link for multirole servers recommendations which is not practicable in all scenarios.

You are talking about Exchange 2013, still microsoft has kept 2 Roles atleast,
even in Exchange 2003 also there is Frontend - backend servers ?
Then why Microsoft has not published Exchange without any role in Exchange 2013?

If I have exchange design with 10 Servers, why should I install all server roles on all servers where may be as per design calculations, 4 servers (Hub + CAS) are enough for client connectivity and 6 mailbox servers in DAG are enough to load balance mailboxes ?
If I install CAS on all 10 servers, then I would require 10 SSL certs
Now you might ask me to deploy 6 servers with all roles ?
Instead of installing all roles on all servers, I will prefer to simplify deployment by seperating roles with HA.
This will also help me in case of troubleshooting, performance, management, administration, security, simplicity, recovery, role seperation.
One suggestion\recommendation cannot be useful in all situations.
Now I request you to please stop this debate as the topic has changed dramatically from original post.
At least I will stop commenting on this topic now.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.