
Forum Discussion

John_Ogle_45372
Jul 21, 2014

Exchange 2013 SSL certificates ???

I had some questions regarding SSL certificates with an Exchange 2013 implementation. We are discussing the option of bringing in a consultant, but I wanted to understand the implementation myself (for now).

 

1) If I am doing SSL bridging and I have three CAS servers, do I need four SSL certificates (SAN/UCC)? One for the LTM VS and one for each CAS server?

 

2) Can I buy one SAN/UCC cert and just import it into every device? Pros/Cons? Is there a functional negative to installing the same private key on all the boxes?

 

Thank you,

 

6 Replies

  • Unless you specifically configure your SSL Server profile to look at the CAS server cert, it isn't going to care what cert is on your CAS server. So yes, you could put the same cert in all places.

     

    In my deployment I use one cert with all the needed names on the LTM. On the CAS server I use certificates signed by our internal CA, with the machine name as the common name of the cert.

     

  • The company doesn't have an internal CA, so maybe it is best to get certs from their current CA? If so, I wonder if I need to buy just one or four?

     

  • Again, the F5 isn't going to care about the cert on the CAS server unless you specifically tell it to via the server SSL profile. You could use one cert, or if you have concerns about having the private key everywhere, you could use self-signed certs on the CAS servers. I think IIS will generate a self-signed cert for you, or pretty much anything with openssl on it (including the F5) can do it.

     

  • Got it. The LTM just acts as a client using the server SSL profile and will talk to whatever cert the CAS server is using.

     

    1) So if I go with a Verisign cert, I can just import the private key/cert combo onto all CAS servers, right? LTM has the Verisign root CA in its bundle, so no issue there.

     

    2) If I generate self-signed certs on the LTM then I need to export the private key/cert combo and import it on the CAS servers, correct?

     

    Thank you,

     

  • Correct on both accounts. If you export on the LTM, you will probably need to convert it to pkcs12 format for windows.

    openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
    

    You can run this from the F5 bash shell if you don't have openssl somewhere else.
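The per-server self-signed option from the replies above, carried through end to end as an added example (not code from the thread or from F5): generate a key and self-signed certificate for one CAS server, bundle them into a PKCS#12 file with the same openssl command quoted above made non-interactive, and check that the certificate inside the .pfx is the one that went in. The host name, scratch directory and bundle password are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread.
# Builds a per-server self-signed cert for a CAS box, exports it as PKCS#12
# for Windows, and verifies the bundle by comparing certificate fingerprints.
set -e

WORK="${TMPDIR:-/tmp}/exch-cert-demo.$$"   # scratch directory (assumed writable)
mkdir -p "$WORK"
PFX_PASS='changeit'                        # constructed demo password only

# Generate a 2048-bit RSA key and a one-year self-signed cert whose CN and
# subjectAltName are the server's own name (SAN is what modern clients check).
make_selfsigned() {
  name="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -keyout "$WORK/$name.key" -out "$WORK/$name.crt" \
    -subj "/CN=$name" -addext "subjectAltName=DNS:$name" 2>/dev/null
}

# Bundle key + cert into a .pfx; -passout avoids the interactive prompt.
export_pfx() {
  name="$1"
  openssl pkcs12 -export -out "$WORK/$name.pfx" \
    -inkey "$WORK/$name.key" -in "$WORK/$name.crt" \
    -passout "pass:$PFX_PASS"
}

# SHA-256 fingerprint of a PEM certificate, colon-separated hex only.
fingerprint_pem() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# SHA-256 fingerprint of the leaf certificate stored inside a .pfx.
fingerprint_pfx() {
  openssl pkcs12 -in "$1" -passin "pass:$PFX_PASS" -nokeys -clcerts 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Generate, export and verify one server's bundle; prints "ok" when the
# certificate inside the .pfx matches the PEM it was built from.
roundtrip() {
  name="$1"
  make_selfsigned "$name"
  export_pfx "$name"
  a=$(fingerprint_pem "$WORK/$name.crt")
  b=$(fingerprint_pfx "$WORK/$name.pfx")
  if [ "$a" = "$b" ]; then echo ok; else echo mismatch; fi
}

# Usage: roundtrip cas1.example.internal   (constructed host name)
```

Running `roundtrip cas1.example.internal` leaves `cas1.example.internal.pfx` in the scratch directory ready for import into the Windows certificate store, and prints `ok` only if the bundle really contains the certificate that was generated. One caveat worth checking before importing: OpenSSL 3 encrypts the bundle with AES by default, which some older Windows releases cannot read; if the import fails, regenerate the .pfx with `-legacy` added to the `openssl pkcs12 -export` command.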