Huge amounts of info on the web for this. Have you loaded the SSL cert into the CAS? If so, all you need is to do a get-exchangecertificate to find the thumbprint for the SSL cert you want to use, and then enable-exchangecertificate to enable specific Exchange services to use that cert. Note that all IIS services are lumped together (OWA, EAS, EWS, etc.) The default self-signed certificate will continue to be used for SMTP unless you specify "not to" in your enable-exchangecertificate. Be aware, however, that the default lifetime of that certificate is only one year. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: exchangelist-bounce@xxxxxxxxxxxxx [mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Patrick Sent: Friday, January 09, 2009 9:56 AM To: exchangelist@xxxxxxxxxxxxx; exchangelist@xxxxxxxxxxxxx; msexchange@xxxxxxxxxxxxx Subject: [ExchangeList] Exchange 2007 ssl issue Hi Guys, I just need a bit of clarity on this. Why MS has decided to change things, beats me. We are looking to publish owa through isa 2006. Exchange 2007 was installed with the default certificate applied during installation. Now we have created a request for a CA sll which has just arrived. We are looking to publish owa for start, then move on to other things ie ActiveSync. Now my questing is how you got about this to get things to work. We already have a dns name called owa.jackmurray.com, which the Certificate was created in, now how do we go about getting this to work, and also would applying this new certificate disbale the default one. Please setps would be very helpful, I am finding it dificult to understand why ms has made thinsg so complicated. thanks Patrick