Regional offices::
preferred Partners:
You are here > Support > SSL Certificates > Microsoft > Exchange 2007 > Generate CSR

Generating a CSR in Exchange 2007

To create a Certificate Signing Request (CSR) in Exchange 2007 use the cmdlet New-ExchangeCertificate.

NOTE: Do not use the IIS console or the MMC snap-in because it will not work with Exchange 2007!

The GenerateRequest parameter for this cmdlet will generate the CSR as a PKCS#10 file. The GenerateRequest parameter contains all the details mentioned in the certificate. The CN (Common Name) parameter is the domain name.

Step 1: Start the Exchange Management Shell

Start the Exchange Management Shell as an administrator on the server where you want to install the actual SSL Certificate.

  • Start
  • All Programs
  • Microsoft Exchange Server 2007
  • Exchange Management Shell
Opstarten van het Exchange Management Shell

 

Step 2: Generate the Certificate Signing Request

If you want to use the SSL certificate in combination with Outlook Anywhere, Outlook Web Access and the autodiscovery functionality, you need to specify additional information when creating the Certificate Signing Request.

For both Outlook Anywhere and Outlook Web Access the name webmail.hereyourname.com is used. Because the autodiscover functionality will be used, you should also specify autodiscover.hereyourname.com in the certificate. Also, the local server name (in this case comp.loc) should be included in the certificate. This local name will Exchange Outlook use for internal communication.

To create a Certificate Request Signing with Autodiscovery and an internal communication over SSL, you must use the following command.

New-ExchangeCertificate -DomainName autodiscover.hereyourname.com, servername.domain.local -Force
                        -FriendlyName Yourname 
                        -GenerateRequest:$True
                        -Keysize 2048
                        -Path c:/csr.txt
                        -privatekeyExportable:$true
                        -SubjectName "C=NL, O=Hereyourcompany, L=Hereyourcity, 
                                      S=Hereyourprovince, CN=mail.hereyourname.com"

However, if you just like to secure Outlook Anywhere and Outlook Web Access with an SSL Certificate you can use the following command (In this case, you can use the normal Pro SSL Certificate).

New-ExchangeCertificate -DomainName mail.hereyourname.com
                        -Force
                        -FriendlyName Yourname
                        -GenerateRequest:$True
                        -Keysize 2048
                        -Path c:/csr.txt
                        -privatekeyExportable:$true
                        -SubjectName "C=NL, O=Hereyourcompany, L=Hereyourcity, 
                                      S=Hereyourprovince, CN=mail.hereyourname.com"
Exchange Management Shell New-ExchangeCertificate result


Now the file c:/csr.txt will be created. This is the CSR file.

You can find more technical information about the New-ExchangeCertificate cmdlet on the Microsoft Technet website.







(c) Networking4all B.V. All rights reserved
This site is managed by GlobalSign preferred partner Networking4all.