Hi Mark,

Because Verisign sells the certs and they say you need to pay for a cert for each machine. However, if the question is whether you need two SSL certs to make the FE/BE config work, I'm pretty sure you don't. Just install the single cert on the ISA firewall and bind it to the listener.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: Kingery, Mark [mailto:Mark.Kingery@xxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:12 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL

http://www.ISAserver.org

Just curious, why are two needed?

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Tuesday, June 24, 2003 11:05 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: OT SSL

http://www.ISAserver.org

Hi Winston,

Unfortunately, that is correct. If you have Administrative control over the clients, you might consider using your own certificate server. This also discourages users from using Kiosks and other unsecure sites from connecting to OWA. I never allow connections from completely unmanaged and untrusted computers, so if you have that option, you might consider it.

HTH,
Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp