How to Generate a CSR for Microsoft Exchange 2007
You will need to create a key pair for your server to generate a CSR. These two items are a digital certificate key pair and must not be separated. Losing your public/private key file or password will result in you havinf to generate a new one, causing your SSL Certificate to no longer match. You will have to order a new SSL Certificate and which may result in a charge.
- Click Start > All Programs >
Microsoft Exchange Server 2007 > Exchange Management Shell
The CSR must contain the following attributes:
a. Country Name: Use the two-letter code without punctuation for country, for example: US
b. State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: Ohio
c. Locality or City: The locality field is the city or town, for example: Atlanta
d. Company: If your company or department have an &, @, or any other symbol in its name, you must spell it out or omit the characters to enroll.
e. Organizational Unit: This field is optional but can be useful in helping identify certificates registered to an organization. The Organizational Unit (OU) field is the name of the department or organization or department unit making the request.
f. Common name: The Common Name is the Host + Domain name. It looks like "www.company.com" or "company.com"
SSL certificates can only be used on the Web server using the Common Name specified during enrollment. For example, a certificate for the domain "domain.com" will receive a warning if accessing a site named "www.domain.com" or "secure.domain.com", because the URLs are different than the original domain name, "domain.com".
This is an example of the proper command syntax:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=State, L=City, O=Organization , OU=Organizational Unit, CN=www.website.com" -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt
Verify your CSR
BACK