I know how to set this up for a single CA server but... what if I was managing two or more CAS? Could I use the same cert on both (or all) CAS? I would have to import the root or intermediate cert of the CA providing me with the SSL cert, correct? And I would either: 1. Have to avoid using any host names on the cert, i.e. CAS01.contoso.com or 2. Make sure ALL the names are on the cert, even if that means paying for a cert with 5-10 (etc) possible subject alternate names. Does that sound right?

Yes, use the same cert on all your CAS. You may or may not need to install the root or intermediate. It depends on whether your OS already has it. Make sure all the names are on the cert. This is the prefered method.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com