My Verisign SSL certificate, (for OWA), is expiring on my CAS servers, and I am in the process of generating the new CSR. I have 2 CAS servers using NLB and the same cert is installed for IIS on both servers. My question is: Should I a completely NEW csr, using the new-exchangecertificate -generaterequest comandlet, or should i call out the old cert first? New-ExchangeCertificate -GenerateRequest or Get-ExchangeCertificate -Thumbprint xxxxxxxxxxxxxxxxxxxxxxx |New-ExchangeCertificate -GenerateRequest Is there any benefit in referencing the old certificate? The options I see at the verisign site are "renew" or "Replace". Thanks Nova

You should ask this to Verisign support if they can renew the same cert ideally it should be new cert for your CAS servers. Install new cert and enable required services for new cert. Best Rgds, Ashish | Unified Comunication | MCTS | MCITP | Please remember to select option "Propose As Answer" if solution work for you | My posts hold no assurances, no promises, and they measured no rights.

Thank you Ashish. That is what i will do. I just wanted to be sure there was not a downside to using a new cert, since when I re-gen the self signed certs for internal use, I start with the thumbprint of the existing cert. Thanks again. Brent