Hi guys,

I've got a 4-servers (All of them CAS/MBX) Exchange 2013 organisation and in front of them there's an F5 load balancer for SMTP and CAS traffic.

I have to apply the new certificate for SMTP & IIS and the LB needs to have the certificate applied as well.  My question is: Should I renew the cert in the Exchange server firsts or in the Load Balancer first?

I don't want to have downtime at all.

Thanks.

Hi Frank,

The Certificate generation will start from Exchange Server and hence needs to be Completed on the Exchange Server first.

Enable the Services for the new certificate on Exchange

Post that Export it from EAC and Import it to the Load Balancer.

Any changes to IIS will cause an app pool recycle. You don't have to worry about the downtime as this will be transperent to end users.

However you should do this during off working hours, to minimize any issues that you come up with.

As sometimes you need to do a IISReset to get things running.

https://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2013.htm