Hi there. We have a two-server Exchange 2010 setup: one internal server that is the Client Access and Hub Transport, and an external server that is our Edge.
We have an SSL certificate from a public CA we want to present when users log in to OWA/Autodiscover/etc. We would also like to have TLS connections using an SSL cert between external SMTP servers and, of course, a cert is needed to handle the Edge subscription between Edge and the Hub.
When trying to use the same certificate for these use cases, Exchange will throw an error saying: "Sharing the same certificate between Edge and Hub Transport servers is not allowed."
What's not clear from searching around is what the best practice is here: use a public CA cert for OWA/Autodiscover/etc., and use a self-signed cert for SMTP/TLS? Wouldn't it be advantageous to use a public CA cert for SMTP connections between external SMTP servers? Should we buy two certs then for this case?
Thanks in advance!