Forum Discussion

Harris_Henry_71's avatar
Icon for Nimbostratus rankNimbostratus
Jun 12, 2012

Exchange 2010 certificate request with F5 GTM/LTM

We are installing Exchange 2010 in a dual datacenter configuration. We will have both sites servicing end users so its in a Active\Active state. I wanted to know if its best practice to generate certificate request from F5 or from Exchange 2010 CAS server. We will be load balancing our OWA\RPC\Autodiscover with both F5 LTM\GTM's.



I have always requested Exchange certificates from Exchange but never dealt with F5 GTM\LTM's.



Thanks in advance.




3 Replies

  • Dayne_Miller_19's avatar
    Historic F5 Account
    Hello Harris-



    Ultimately it doesn't matter where you generate your certificate request. If you are more familiar with Exchange/IIS certificate requests, that's probably your better choice. In either case, when you receive your certificate and key from your CA after submitting the request, you just need to import them into the BIG-IP.



    Note that BIG-IP prior to version 11.1 did not have the ability to generate a SAN (Subject Alternative Name) cert request in the web GUI.






  • Dwayne,



    Thank you for your prompt reply. This clears things up for me alot.






  • Personally i am used to the Exchange tools, and find them very easy to generate a request and process it back in once I get the certificate back from the issuer. Once it is on the Exchange server, i can export it through the Certificate MMC and import it into the F5. This way I have a backup of the cert as well. There was a gotcha when renewing an Exchange cert through the EMC, but I believe that was fixed in the latest rollup.