OK. Now we have a cert.

Prerequisites

  • The domain used for establishing a federation trust should be resolvable from the Internet.
    This requires that the domain be registered with a domain registrar, and the DNS zone for the domain be hosted on a DNS server accessible from the Internet. If the organization receives Internet e-mail for the domain, these requirements are already met.
  • A valid X.509 certificate that meets the requirements for federation trusts.
    The certificate must be issued by a Certification Authority (CA) trusted by the Microsoft Federation Gateway. This certificate will be deployed automatically to all Client Access and Hub Transport servers accessible by the federation trust task.
  • To implement this, you can use the EMC or the Shell. From the Shell, the command is:

    Get-ExchangeCertificate | where {$_.IsSelfSigned -eq $false} | fl

    Here it is from the EMC. Right-click on the organization and the wizard comes up for adding your certificate. Browse to and add your certificate, then click New. On the next page, ensure it’s completed successfully.
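
The one-liner above only drops self-signed certificates. As an added example (not part of the original post), this narrows the list further before you pick a certificate in the wizard; the private-key and validity-date checks are assumptions about what a usable certificate needs, not requirements quoted from this page.

```powershell
# Added example: run in the Exchange Management Shell on the server holding the certificate.
# It does NOT verify that the issuing CA is trusted by the Microsoft Federation Gateway;
# compare the Issuer shown in the output against Microsoft's list of trusted CAs yourself.
$now = Get-Date

$candidates = Get-ExchangeCertificate | Where-Object {
    -not $_.IsSelfSigned -and     # prerequisite from the list above: CA-issued
    $_.HasPrivateKey -and         # assumption: the private key must be on this server
    $_.NotBefore -le $now -and    # assumption: already valid
    $_.NotAfter -gt $now          # assumption: not expired
}

if (-not $candidates) {
    Write-Warning "No CA-issued, currently valid certificate with a private key was found."
}
else {
    # Soonest-to-expire first, so a certificate that is about to lapse stands out.
    $candidates |
        Sort-Object NotAfter |
        Select-Object Thumbprint, Subject, Issuer, NotAfter,
            @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
        Format-List
}
```

The Thumbprint value in the output identifies the certificate if you create the trust from the Shell with New-FederationTrust instead of the wizard.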
