As mentioned previously, whenever a SEG is inserted between the TMG and EAS servers, IIS is no longer configured on the EAS server, it is configured on the SEG server.

The procedure for configuring IIS is exactly the same no matter where IIS resides. For that reason, rather than duplicate the same procedure in Configure IIS for Certificate Authentication with TMG, go back to that section and whenever it mentions performing a step on the EAS server, replace that reference to the EAS server with the SEG server.