Exchange 2010 with TMG server certificate expired
Hi,

I have Exchange 2010 with 2 CAS servers and 2 TMG servers with the Edge role. I publish OWA and Outlook Anywhere from TMG. Now the problem is that my certificate expired today and I want to renew it with the steps below, but when I run Get-ExchangeCertificate I did get the expired certificate on both CAS servers. If I run the same command on the TMG with Edge server, it shows me the expired certificate. I have the following steps to renew the certificate.

Step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName: ocb.domain.local, ocbomsrv18.domain.local, webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true

Step 2
certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\cert_request.csr

Step 3
Import-ExchangeCertificate -path c:\name.cer -friendlyname webmail.domainmall.com

Step 4
Enable-ExchangeCertificate -thumbprint <New Certificate thumbprint> -services IIS,POP,IMAP,SMTP

Step 5
Remove-ExchangeCertificate -Thumbprint <old Certificate thumbprint>

Now please suggest whether any changes are required in this, or whether after renewal I have to make changes on the TMG server and on the Outlook Anywhere users' machines.

Regards,
Sameer Shaikh
September 7th, 2012 3:20pm

Step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName: ocb.domain.local, ocbomsrv18.domain.local, webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true

regards Sameer Shaikh

Hi,

I strongly suggest that you change the order of the domain names in your certificate. If you don't, you could get problems with Windows XP connecting with Outlook Anywhere if you haven't hardcoded the OutlookProvider EXPR. If webmail.domain.com is the name you use for Outlook Anywhere, put that name first.

I also don't see a good reason to add these names in your certificate:

autodiscover.domain.LOCAL
outlook
domainrealty.com

Martina Miskovic
September 9th, 2012 6:40am

Hi,

Do you have any update on your issue? If a post is helpful to you, please mark it as the answer.

Terence Yu
TechNet Community Support
September 11th, 2012 2:14am

Hi,

Thanks for the reply. I have changed the name order, but I have to change some settings on the TMG server listener also; please look at steps 6 and 7.

Step 1
New-ExchangeCertificate -GenerateRequest -Path c:\cert_request.csr -SubjectName "c=US, o=company, ou=IT, cn=webmail.domain.com" -DomainName:webmail.domainrealty.com, webmail.domainmall.com, webmail.domain-is.org, outlook.domainrealty.com, outlook, domainrealty.com, autodiscover.domain.LOCAL, autodiscover.domainrealty.com, autodiscover.domainmall.com, autodiscover.domain-is.org -KeySize 1024 -PrivateKeyExportable: $true

Step 2
certreq.exe -submit -attrib "CertificateTemplate:WebServer" c:\cert_request.csr

Step 3
Import-ExchangeCertificate -path c:\name.cer -friendlyname webmail.domainmall.com

Step 4
Enable-ExchangeCertificate -thumbprint <New Certificate thumbprint> -services IIS,POP,IMAP,SMTP

Step 5
Remove-ExchangeCertificate -Thumbprint <old Certificate thumbprint>

Step 6
Imported the Exchange certificate on both TMG servers.

Step 7
Changed the certificate in the TMG listener policy.

Thanks again, the problem has been resolved.

regards
Sameer Shaikh
September 14th, 2012 5:21pm
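
Added example, not part of the original thread: a read-only inventory of the computer certificate store that can be run on each CAS and TMG server before step 5 and after step 7, to confirm which certificates are expired, which DNS name comes first in the Subject Alternative Name list, and whether the private key is present. It uses only the built-in Cert: drive and .NET X509Certificate2 members; the 2048-bit minimum, the 30-day warning window and the English "DNS Name=" label in the formatted extension are assumptions of this example.

```powershell
# Added example (not from the thread): list certificates in LocalMachine\My.
# Plain PowerShell 2.0+, no Exchange snap-in needed, so it also runs on TMG.
$minKeyBits = 2048   # assumption: smallest RSA key size treated as acceptable
$warnDays   = 30     # assumption: flag certificates expiring within this window
$now        = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Subject Alternative Name extension (OID 2.5.29.17), kept in certificate order
    $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $names  = @()
    if ($sanExt) {
        # Format($true) gives one entry per line; label text assumes an English OS
        $names = @($sanExt.Format($true) -split "`r?`n" |
                   Where-Object  { $_ -match '^DNS Name=' } |
                   ForEach-Object { $_ -replace '^DNS Name=', '' })
    }

    # Key size is not exposed for every key type, so tolerate a failure here
    $bits = $null
    try { $bits = $cert.PublicKey.Key.KeySize } catch { }

    $state = 'OK'
    if     ($cert.NotAfter -lt $now)                    { $state = 'EXPIRED'  }
    elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) { $state = 'EXPIRING' }

    New-Object PSObject -Property @{
        State         = $state
        NotAfter      = $cert.NotAfter
        KeyBits       = $bits
        WeakKey       = [bool]($bits -and ($bits -lt $minKeyBits))
        HasPrivateKey = $cert.HasPrivateKey   # a TLS listener needs the private key
        FirstName     = $(if ($names.Count) { $names[0] } else { '' })
        NameCount     = $names.Count
        Thumbprint    = $cert.Thumbprint
    }
} | Sort-Object NotAfter |
    Format-Table State, NotAfter, KeyBits, WeakKey, HasPrivateKey, FirstName, NameCount, Thumbprint -AutoSize
```

A certificate requested with -KeySize 1024, as in step 1 above, shows WeakKey as True under this example's threshold.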

This topic is archived. No further replies will be accepted.
