Problem/Warning:
Do you want to enforce SSL communication on the root web site? If not, rerun the cmdlet with the -DoNotRequireSSL
Why?
If you have a SAN -certificate behind a Hardware Load Balancer Setup (CAS-Array) + Kemp
And YOU DON'T DO SSL-Offload on the KEMP you get this warning while you replace the Certificate
on the Exchange 2010 CAS Servers.
In general Certificates on Exchange 2010 with Load Balancer Setups for CAS
Remember to Export the Certificate on the first CAS you have and then Import on the Other CAS Servers.
Make sure all the FQDN names are included, also the CAS-Array FQDN (We have it in the SAN-Certificate) and it works with several setups.
There are many discussions what to include and esp. if to include the CAS-Array FQDN > Yes take in into the SAN-Certificate.
Check out or SAN-Certificates for Exchange Links:
http://www.butsch.ch/post/Generate-SAN-UC-Certificate-SSL-on-Exchange-2010.aspx
[PS] D:\edv>enable-exchangecertificate -identity 0A89FD2B27126DE330950FFA00DA26835D444A59 -Services "IMAP, POP, IIS, SMTP" the -DoNotRequireSSL
Confirm
Do you want to enforce SSL communication on the root web site? If not, rerun the cmdlet with the -DoNotRequireSSL
parameter.
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"):
enable-exchangecertificate -identity 0A89FD2B27126DE340950FFA00DA26835D544A59 -Services "IMAP, POP, IIS, SMTP" - DoNotRequireSSL