Hello,
I'm using TMG to publish Exchange and 1 other website in a multiple DMZ scenario. I have the following setup:
1. Internal IIS and Exchange server ---> 2. Inner DMZ TMG + Exchange Edge Server ---> 3. External TMG
My external TMG in the outer DMZ (3) has a non-authenticating web listener configured for 443 traffic and redirects it to the inner TMG, which has a forms-based authentication listener. My IIS site, Exchange and both listeners use the same certificate. My certificate provider has given me a month to re-key my SSL certificate due to SHA1 being a weaker cipher. Given that end users will only ever hit the external TMG and not the inner servers, do I need to replace the certificate on all my servers, or can I get away with doing it just on the external servers?
IT Support/Everything
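Added example (editor's addition, not code from the original post or from the TMG product): before deciding which hops to re-key, it helps to see exactly which certificate each hop in the chain actually presents, because each leg (browser to external TMG, external TMG to inner TMG, inner TMG to Exchange/IIS) is its own TLS session and the bridging TMG validates the next hop's certificate itself. The PowerShell below opens a TLS connection to each listener, records the certificate's thumbprint and signature algorithm, and flags anything still signed with SHA-1. The hostnames and the list of hops are assumptions made for the example; run it from a host that the firewalls allow to reach each listener, since from the Internet only the external TMG's certificate is visible.

```powershell
# Added example, not part of the original post. Hostnames below are placeholders.
$hops = @(
    @{ Name = 'External TMG listener (what end users hit)'; Host = 'mail.example.com';     Port = 443 },
    @{ Name = 'Inner TMG forms-based listener';             Host = 'tmg-inner.corp.local'; Port = 443 },
    @{ Name = 'Internal Exchange CAS';                       Host = 'exch01.corp.local';    Port = 443 },
    @{ Name = 'Internal IIS site';                           Host = 'iis01.corp.local';     Port = 443 }
)

function Get-RemoteCertificate {
    # Perform a TLS handshake and return the leaf certificate the listener presents.
    param([string]$HostName, [int]$Port = 443, [string]$Sni = $HostName)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # The validation callback always returns $true on purpose: we want to see
        # what the hop presents, not whether this machine trusts it.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, { $true })
        $ssl.AuthenticateAsClient($Sni)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }
}

$report = foreach ($h in $hops) {
    try {
        $cert = Get-RemoteCertificate -HostName $h.Host -Port $h.Port
        [pscustomobject]@{
            Hop        = $h.Name
            Host       = $h.Host
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            SigAlg     = $cert.SignatureAlgorithm.FriendlyName   # e.g. sha1RSA vs sha256RSA
            NeedsRekey = ($cert.SignatureAlgorithm.FriendlyName -match '^sha1')
            NotAfter   = $cert.NotAfter
        }
    } catch {
        [pscustomobject]@{ Hop = $h.Name; Host = $h.Host; Subject = "ERROR: $($_.Exception.Message)" }
    }
}

$report | Format-Table -AutoSize

# If every hop reports the same thumbprint, they are all serving the same SHA-1
# certificate and each install location will need the re-keyed one; distinct
# thumbprints tell you which hops can be treated separately.
$report | Where-Object Thumbprint | Group-Object Thumbprint |
    Select-Object @{n='Thumbprint';e={$_.Name}}, @{n='Hops';e={($_.Group.Hop) -join '; '}}

# Complementary view from inside each Windows server (locally or via Invoke-Command):
# lists what is installed in the machine store, independent of what the listener binds.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Thumbprint, NotAfter, @{n='SigAlg';e={$_.SignatureAlgorithm.FriendlyName}}
```

Note that `SignatureAlgorithm` here is the algorithm the CA used to sign the certificate (the thing the provider is asking to change), not the cipher suite negotiated for the session, and that SslStream inspects only the leaf certificate; intermediate CA certificates in the chain are a separate question to raise with the provider.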