Hello, I use Exchange 2007, I have 2 HubCas, 2 Edge and 2 Isa servers. I need to renew my third party certificate (SAN Certificate) through the SAME provider. 1) I generated and submitted my CSR 2) I received my certificate generated as .crt file. 3) I should add my Intermediate Certificate --> However I see that the Intermediate Certificate is validated until 2020 and as I am renewing my certificate with the same provider! - Therefore, I wonder if I should leave that as is or if I have to do the import anyway?? 4) I Import the *.crt file as Exchange Certificate and enable the services "SMTP, IMAP, POP, IIS" on my HUBCAS1: Import-ExchangeCertificate -Path C:\your_domain_name.crt | Enable-ExchangeCertificate -Services "SMTP, IMAP, POP, IIS" - Do I have to restart my Exchange server (HUBCAS1)? - When I created the CSR it generated a selsigned certificate. Can I remove that certificate? 5) If I am correct I should export from my hibcas1 the certificate as *.pfx file and import it on my other HUBCAS 6) Still from that export, I should import it onto my 2 ISA servers and configure my ISA Server Management - I am using ISA 2006, Do I need to reboot my servers? Some websites have reported that ISA services won't send the intermediate certificate until after a reboot. Many thanks in advance to answer my questions. Graig

If your servers already contains the intermediate certificate, simply import the signed response you got from the cert provider otherwise import the intermediate cert to your servers first. you dont need to restart any services after you assign certificate to services same goes for ISA is you have all the CA cert already in place on it, so get all root and intermediate cert in place first and you should be fine. lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com

Hello, 1. Yes, just leave it as it is. 2. You may need to restart the IISadmin service. 3. Yes, you can remove it. 4. restart the IIS service. Thanks, Simon

Hello, 1. Yes, just leave it as it is. 2. You may need to restart the IISadmin service. 3. Yes, you can remove it. 4. restart the IIS service. Thanks, Simon

Thanks and sorry for late reply! I would need to comment that I have forgot to remove the Intermediate Certificate and install the new ones... CAn I still proceed?? What are the consequences?? Except the above step I skept. I have copied the certificate sent by my provider and imported it from the certificate console. I then enabled it from the powershell console and add the services. When I created the CSR It created another certificate (self signed certificate). When you import the certificate send by your provider that self signed certificate desepeared. I then exported and imported that certifiacte on the Hubcas and tested my OWA. I removed the certificate and then connect on my Isas server and import the cert then I configured my ISA console. I did not had to restart any services or servers. I only wonder whether I the missed step which was to forget to install the Intermediate Certificate matter or not...? Hope those information could help some of you and if you need more details please, do not hesitate to get back to me. G

Dont follow what you have done and what you didn't do, but you should have the new intermediate certificate installed before installing the bought certificate otherwise clients will react. Anyway, glad everything seems to work. You can verify your certificat installation with digicerts test, http://www.digicert.com/help/ lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com