There are several ways to renew a DigiCert or any other third-party certificate in TMG. The easiest is to use the DigiCert® Certificate Utility for Windows, which can be obtained through DigiCert’s website.
Sometimes I’m confused about how renewing a certificate works; after some research, the concept turns out to be very easy:
1) Generate a Certificate Signing Request (CSR).
2) Send the CSR to the third-party certificate authority and download the certificate that the certificate authority generates.
3) Import the certificate on the same server that generated the CSR.
4) To install the same certificate on another server, export the certificate to a .pfx file.
5) Install the .pfx file on the other server.
6) Assign the certificate to services such as Exchange, IIS, etc. (application-level configuration).
What are the key points here?
1) When the CSR is generated, the server automatically generates the private key.
2) The CSR does not include the private key.
3) The first time the certificate is imported, the private key is required. This is why the certificate must be imported on the same server that generated the CSR.
4) To install the same certificate on another server, a .pfx file is used because the .pfx export contains the certificate together with the private key (that’s why we are advised to set a password when exporting to .pfx).
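The steps and key points above can be checked with the certreq.exe and certutil.exe tools built into Windows instead of the DigiCert utility. This is an added example, not part of the original post; the host name, folder and file names are placeholders, and the folder is assumed to exist.

```powershell
# Added example: host name, folder and file names are constructed placeholders.
$subject = 'mail.example.com'
$work    = 'C:\certwork'

# Step 1 (server A): create the key pair and the CSR.
# The private key stays in the machine key store; only request.csr leaves the server.
# Exportable = TRUE is required at this point, otherwise step 4 cannot export the key.
@"
[NewRequest]
Subject = "CN=$subject"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
Exportable = TRUE
RequestType = PKCS10
"@ | Set-Content -Path "$work\request.inf" -Encoding ASCII
certreq -new "$work\request.inf" "$work\request.csr"

# Step 2: submit request.csr to the CA and save the issued certificate as issued.cer.

# Step 3 (server A again): pair the issued certificate with the waiting private key.
certreq -accept "$work\issued.cer"

# Confirm the certificate in the machine store is bound to a private key.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$subject*" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate for $subject found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) {
    throw 'Certificate has no private key: was it imported on the server that created the CSR?'
}

# Step 4 (server A): export certificate and private key to a .pfx file.
# Without -p, certutil prompts for the password, keeping it out of command history.
certutil -exportPFX My $cert.Thumbprint "$work\renewed.pfx"

# Step 5 (server B, after copying renewed.pfx over): import, then verify the key arrived.
certutil -importPFX "$work\renewed.pfx"
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$subject*" } |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey
```

Because the .pfx file contains the private key, delete the copies left in the working folders once the import on the second server has been verified.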