Hello people,
I have the following Exchange 2010 platform:
1 Exchange 2010 DAG with two servers
1 NLB HUB / CAS with two servers
1 Edge in DMZ
Forefront TMG with one publishing OWA.
My questions are regarding Exchange certificates. By default, I have Exchange self-signed certificates. I wanted to know what the best practices are for Exchange 2010 certificates.
I have the following nameservers:
ExchDAG1
ExchDAG2
ExchTCA1
ExchTCA2
And I have the following service names:
Internal OWA: https://mail.contoso.local/owa
External OWA: https://mail.contoso.com/owa
External ActiveSync: https://mail.contoso.com/
Outlook Anywhere: mail.contoso.com
AutodiscoverInternalUri: https://mail.contoso.com/Autodiscover/Autodiscover.xml
For publishing OWA on the TMG, I have purchased a certificate from an external entity: mail.contoso.com
This certificate is installed on the TMG and configured on the OWA publishing rule.
What is the best practice for both HUB / CAS servers: exporting the same certificate I have on the TMG, or generating a certificate with multiple names in an internal CA?
On the HUB / CAS, to which services do I have to assign this certificate?
Once the certificate is assigned to the services, can I safely remove the Exchange self-signed certificates with the name of each server?
Thank you very much.