CSR Generation: Microsoft Exchange 2010
Generating a Certificate Signing Request (CSR) on Microsoft Exchange 2010
CSR generation on Microsoft Exchange 2010 can be done either through the GUI (the Exchange Management Console) or with a cmdlet run from the Exchange Management Shell (EMS). Choose one of the two options below.
GUI
- Start the Exchange Management Console by going to Start > Programs > Microsoft Exchange 2010 > 'Exchange Management Console'.
- Click the link for 'Manage Databases'.
- Select 'Server Configuration' and choose 'New Exchange Certificate' from the actions. This will begin the wizard.
- Enter a name for the certificate - this name is for your own reference.
- Here you have the option to enable a wildcard - only choose this if you are ordering a single wildcard certificate. In this case, skip the next step.
- Now you must select the services you require the certificate for, and enter the appropriate FQDNs (Fully Qualified Domain Names). As a general rule, you should enter all the names via which your Exchange 2010 server is accessed.
- Review and confirm the list of domains and FQDNs to be added to the certificate.
- Now enter the information for your organization. You must also select a location for the CSR file to be written to.
- Review the summary of the CSR generation, and the CSR file will be saved.
- Open the CSR file (specified above) with a text editor and copy and paste the contents into the enrollment form when requested.
cmdlet
- Open the EMS. (To access the EMS, go to the 'Start' menu > Programs > Microsoft Exchange Server 2007 and choose 'Exchange Management Shell'). The command you need to enter looks like this:
New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "C=US, O=Example Company, L=City, ST=State, CN=exchange.example.com" -DomainName exampletwo.com, examplethree.com -Path c:\exchange.example.com.req -PrivateKeyExportable:$true
-GenerateRequest: This is the command flag to create a new CSR.
-KeySize: This controls the size of your private key. We recommend at least 2048 bits.
-SubjectName: This sets the Subject of your CSR. 'C' is Country, as an ISO 3166 two-letter code (for example 'GB' for Great Britain, 'US' for the USA). 'O' is Organisation. 'L' is Locality. 'ST' is State or province. 'CN' is the CommonName, i.e. the primary FQDN of the server.
-DomainName: This allows you to specify additional domain names, as most Exchange 2007 installations require the certificate to secure more than one FQDN.
-Path: This specifies where to place the CSR.
-PrivateKeyExportable: This marks the generated private key as exportable, so that you can back it up or move it to another server later.
- Open the CSR file (specified above with the '-Path' flag) with a text editor and copy and paste the contents into the enrollment form when requested.
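An added example of the cmdlet route, not from the original page: it generates the request, saves it, and checks the saved CSR before it goes to the CA. It assumes Exchange 2010 syntax, where New-ExchangeCertificate returns the request text and has no -Path parameter (that form is Exchange 2007's), so the request is saved with Set-Content; every name, path and organisation value is a placeholder, and the certutil match strings assume certutil's usual -dump output.

```powershell
# Added example (not from the original page): the cmdlet route on Exchange 2010,
# with a check of the saved request before it is submitted to the CA.
# Placeholders: every name, path and organisation value below is made up.
# Note: on Exchange 2010, New-ExchangeCertificate returns the request text and
# has no -Path parameter (that syntax is from Exchange 2007), so the request is
# written out with Set-Content instead.

$primaryFqdn = 'exchange.example.com'
$extraNames  = 'autodiscover.example.com', 'mail.example.com'
$allNames    = @($primaryFqdn) + $extraNames
$csrPath     = 'C:\certs\exchange.example.com.req'

# 1. Generate the request. The CN is repeated in -DomainName so that it is
#    also present as a Subject Alternative Name.
$csr = New-ExchangeCertificate -GenerateRequest `
    -FriendlyName 'Exchange 2010 public certificate' `
    -KeySize 2048 `
    -SubjectName "C=US, O=Example Company, L=City, ST=State, CN=$primaryFqdn" `
    -DomainName $allNames `
    -PrivateKeyExportable $true

# 2. Save the PEM text for the enrollment form.
New-Item -ItemType Directory -Path (Split-Path $csrPath) -Force | Out-Null
Set-Content -Path $csrPath -Value $csr

# 3. Check what was actually written, as printed by certutil: the key length
#    line and one 'DNS Name=' line per requested SAN.
$dump = certutil -dump $csrPath | Out-String
$problems = @()
if ($dump -notmatch 'Public Key Length: 2048 bits') {
    $problems += 'key length is not 2048 bits'
}
foreach ($name in $allNames) {
    if ($dump -notmatch "DNS Name=$([regex]::Escape($name))") {
        $problems += "SAN missing: $name"
    }
}

# 4. The pending request holds the private key on this server; record its
#    thumbprint, which Import-ExchangeCertificate needs once the CA returns
#    the signed certificate.
$pending = Get-ExchangeCertificate | Where-Object { $_.Status -eq 'PendingRequest' }
$pending | Format-Table Thumbprint, Subject, CertificateDomains -AutoSize

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host "CSR written to $csrPath and all checks passed."
}
```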
Notes:
Instead of specifying all the domains within the command, there are two additional flags that can be specified: '-IncludeAcceptedDomains' and '-IncludeAutoDiscover'. Using these instead of the '-DomainName' flag will automatically add the autodiscover FQDN, as well as all of the domains Exchange is configured to accept.
The Microsoft TechNet article for this command is available here: http://technet.microsoft.com/en-us/library/aa998327(EXCHG.80).aspx.