you can use the ISACERTTOOL to renew the certificate on the TMG Server:
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
My client does not allow to use ISACERTTOOL on their production environment . Is there any other way to renew server certificate on TMG forefront servers in workgroup deployment.
I have 2 load balanced (NLB) TMG servers (one primary and other secondary node). Please share the steps that how to renew the expiring certificate on both of these servers.
Can a single certificate e.g server01.workgroupname.local which is issue by internal CA (with the same workgroup) can be installed on both the TMG servers or do i need to issue 2 different certificates for both the servers and then install them individually.
your quick response is much appreciated.
You need to manually install the certificate then.
See http://technet.microsoft.com/en-us/library/ee658148.aspx for install instructions and http://technet.microsoft.com/en-us/library/ee658141.aspx for creating the certificates.
You need one server cert for each array member issued to the fqdn of the member it is supposed be installed on. You also need to make sure that root and enterprise (if applicable) ca are installed on all array members.
Hth, Anders Janson Enfo Zipper
Thanks a Lot Anders but I could not understand "one server cert for each array member issued to the fqdn of the member" . Does it mean
1 . different certificate for each array member (i.e server01.workgroup.local for server01 and server02.workgroup.local for server02)?
2. Single server certificate (server01.workgroup.local) for both the servers. server01 in the primary member of the array.
I am asking this because at present I can see that there is same server certificate present (i,e server01.workgroup.local) on both the servers under ADAM_ISASTGCTRL\personal certificate store.
could you please throw some light on it.
Thanks and regards