Products & Services | Switch to Us | Support | Contact Us | About Us | Home
 
support


CSR Generation

Validation

Certificate Installation

FAQ


server software

Apache (mod_SSL & OpenSSL)
cPanel / WHM
Cobalt RAQ
MS Exchange 2007
MS Exchange 2010
F5 BigIP
HSphere
IBM HTTP Server
iPlanet 4.x / SunONE 6.x
Java-based Webservers
Microsoft IIS 4.x
Microsoft IIS 5.x/6.x
Microsoft IIS 7.x
Oracle (using Wallet Manager)
Plesk



CSR Generation: Microsoft Exchange 2007

Generating a Certificate Signing Request (CSR) on Microsoft Exchange 2007

CSR generation on Microsoft Exchange 2007 uses a cmdlet accessed via the Exchange Management Shell (EMS). To access the EMS, go to the 'Start' menu > Programs > Microsoft Exchange Server 2007 and choose 'Exchange Management Shell'.

  1. Open the EMS as above. The command you need to enter looks like this:
    2. New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "C=US, O=Example Company, L=City, ST=State, CN=exchange.example.com" -DomainName exampletwo.com, examplethree.com -Path c:\exchange.example.com.req -PrivateKeyExportable:$true

    -GenerateRequest: This is the command flag to create a new CSR.

    -KeySize: This controls the size of your private key. We recommend at least 2048 bit.

    -SubjectName: This sets the Subject of your CSR. 'C' is Country, in the ISO-3166 two-letter standard (note 'GB' for Great Britain, US for USA etc.). 'O' is Organisation. 'L' is Locality. 'ST' is State or province. 'CN' is CommonName, or your primary FQDN for the server.

    -DomainName: This allows you to specify additional domain names, as most Exchange 2007 installations require the certificate to secure more than one FQDN.

    -Path: This specifies where to place the CSR.

    -PrivateKeyExportable: This sets that the private key being generated is exportable, and will allow you to backup and/or move the private key later.


  2. Open the CSR file (specified above with the '-Path' flag) with a text-editor and copy and paste the contents into the enrollment form when requested.
Notes:
Instead of specifying all the domains within the command, there are two additional flags that can be specified: '-IncludeAcceptedDomains' and '-IncludeAutoDiscover'. Using these instead of the '-DomainName' flag will automatically add the autodiscover FQDN, as well as all of the domains Exchange is configured to accept.

The Microsoft TechNet article for this command is available here: http://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspx.

  •     Enterprise SSL Certificates
      Secure your e-transactions and maximize budget efficiencies with TrustedSecure Enterprise SSL Certificates.
      Learn more
  •     TrustedSecure Site Seal
      Give your site visitors the confidence that they can share private information securely with the TrustedSecure Site Seal.
      Learn more
  •     CSC TrustedSecure CertManager
      Access the CSC TrustedSecure Certificate Authority and manage your enterprise's SSL portfolio online with the TrustedSecure CertManager.
      Learn more
  •     Cert-Assure™ Audit
      Uncover all certificates that have been registered and confirm their expiration dates with a Cert-Assure audit.
      Learn more
    • Copyright 2010 Corporation Service Company, All rights reserved.