Hi , I like made the test in the lab for my enterprise transition from exchange 2003 to 2007 .in production i have 2 exchange 2003frontend with activesync and owa with a ssl certificate in each.Iwant export this ssl certificates to my lab CAS(2 nlb servers) to test the transition.my questions:can i have running at same time the same ssl certificates :ssl exchange 2003 frontends servers(IP in dmz) and exchange 2007cas import ssl certificates ( cas in internal network).?need i export frontend1 ssl certificate to the cas 1 nlb server and frontend2 ssl certificate to the cas2 nlb server?is only for test export procedure in lab.thanksby allmcse 200 + mesaging

you can use the Certificate MMC to export the cert but you need to export the private key. WHen you import it make sure the cert private key can be exported as well. BP

Hi, Regarding how to export and import certificate, you can refer to the following article: http://www.digicert.com/ssl-support/pfx-import-export-exchange-2007.htm You mentioned you will upgrade to Exchange 2007, please understand you should replace all your Exchange 2003 Front-end servers with Exchange 2007 CAS server before moving all mailboxes to Exchange 2007. We don't support putting an Exchange 2003 FE server in front of an Exchange 2007 Mailbox server. If you would like use one certificate, the subject alter name of the certificate should includes all FQDN of these servers. Are you deployed NLB in Exchange 2003? A related article for your reference: Load Balancing Exchange 2007 Client Access Servers using Windows Network Load-Balancing Technology Part 3: Creating Certificates and Testing Client Services http://www.msexchange.org/articles_tutorials/exchange-server-2007/high-availability-recovery/load-balancing-exchange-2007-client-access-servers-windows-network-technology-part3.html Hope this helps. Thanks, Elvis

Thanks by youranswers , i have all procedures to migrate ssl from exchnage 2003 frontend to the cas servers in the lab.ihave 2 Frontend servers are mounted with nlb and 2 cas server (in the lab) are mounted in nlb.My question is : any problem by use at same time (ssl cert in frontends production server ) and (the same certimported in cas servers(test lab )) ?my production server : (network 10.1.29.x)2 dc2 frontends (nlb ) with thawte certificarte1 backendmy test lab servers : (network 10.1.31.x)1 dc1 frontend 1 backend2cas/hub transport (nlb) --> i want import certificates from frontend (production servers) tothis CAS to test the ssl import steps .Thanks again four your responses.Ivan. mcse 200 + mesaging

There won't be an issue where you place the certs b/c technically you are not using the Lab computers for anything but testing.When you export a cert with the private key your basically making a copy of it to import somewhere else.If you're in a lab why use your 3rd party trusted cert where instead you could deploy a CA in your lab to use for testing?BP

thanks bardopony , I simulate the steps to export import the frontends ssl certificateto the labCAS , for test my transition to exchange 2007 in a lab.this is the reason for use the frontends thawte certificatein my lab.I have a issue with this .I export the pfx file from the exchange 2003 frontends ,but i dont see the file ".cer" in the servers.can i export the .cert from the front ends?Thanks again. mcse 200 + mesaging

going from memory here but...Open the MMC and add the Certificate for the local computer, find the cert you want to export.Export the cert and check export private key, it will ask you for a password and then should export a .p7b or .pfx soemthing like that.Then on the destination server you will want to open the Certificate MMC for the local computer and import the cert to your server.ARe you using W2K8 or W2K3? You will need to bind the Cert to the CAS in IIS 7 or IIS 6 depending on the OS. BP

Thanks again ...my cas servers are 2003.i export my ssl certificate in production serverto a pfx file , but i think i need import in IIS cas server , but i need the .cer file?. or only with .pfx can run.Regards...mcse 200 + mesaging

Hi,You only need to import pfx file, please refer to the link I provided above:http://www.digicert.com/ssl-support/pfx-import-export-exchange-2007.htmThanks,Elvis