Generating a CSR in Exchange 2007 (PowerShell)

The CSR code is required for SSL Certificate activation. It can be generated using the Exchange Management Shell (EMS), which you can find at 'Start' > 'All Programs' > 'Microsoft Exchange Server 2007' > 'Exchange Management Shell'.

The 'GenerateRequest' parameter of the New-ExchangeCertificate cmdlet is used to generate the CSR code. The 'SubjectName' parameter should contain all of the required details, which will be used within the certificate.

The details you will need to provide will use the following abbreviations:

  • 'CN' = Domain Name you need the Certificate for (fully qualified domain name [FQDN]);
  • 'C' = two-letter Country code;
  • 'S' = name of the State;
  • 'L' = name of the Locality/City;
  • 'O' = name of your Organization/Company;
  • 'OU' = Organization Unit (Support, Sales, IT, etc.).

An example command to generate a certificate signing request would be:

New-ExchangeCertificate -GenerateRequest -SubjectName "C=HK, S=Hong Kong, L=Hong Kong, O=ZTABOX LIMITED, OU=SSL Support, CN=www.ztabox.com" -KeySize 2048 -Path c:\www.ztabox.com.req -PrivateKeyExportable $true

(!) Important:

* The sample values in the command above should be replaced with the valid details of your own organization/company;

* In accordance with the Certificate Authorities policy change, starting from December 20, 2010, SSL Certificates cannot be issued using CSR codes with a key size of less than 2048 bits;

* The parameter -Path c:\www.example.com.req specifies the location where the CSR code will be saved;

* The parameter -PrivateKeyExportable $true makes the RSA Private Key exportable, so that the Certificate can be exported to another server or backed up together with its key;

* If you want to generate the CSR code with Subject Alternative Names (SANs) for a Multi-domain certificate, add the -DomainName parameter to the command and list all the additional domains after it. For example, -DomainName mail.ztabox.com, autodiscover.ztabox.com

As a result, a CSR file named [www.example.com.req] is created in the root of your C: drive; it can be opened with any text editor, such as Notepad. The content of that file should be pasted into the corresponding box during the Certificate activation, including the header and footer: -----BEGIN CERTIFICATE SIGNING REQUEST----- and -----END CERTIFICATE SIGNING REQUEST-----.
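The whole procedure as an added example (not part of the original article): generate the request with SANs, then check the resulting file for the header/footer lines, the 2048-bit minimum and the expected SAN entries before pasting it into the activation form. Test-CsrFile is a hypothetical helper name, the domains and path are the article's sample values, and the parsing assumes English certutil output.

```powershell
# Added example; run inside the Exchange Management Shell on the Exchange 2007 server.
# Sample values from the article; replace them with your own details.
$csrPath = 'c:\www.ztabox.com.req'

New-ExchangeCertificate -GenerateRequest `
    -SubjectName 'C=HK, S=Hong Kong, L=Hong Kong, O=ZTABOX LIMITED, OU=SSL Support, CN=www.ztabox.com' `
    -DomainName mail.ztabox.com, autodiscover.ztabox.com `
    -KeySize 2048 -Path $csrPath -PrivateKeyExportable $true

# Test-CsrFile is a hypothetical helper, not an Exchange cmdlet.
function Test-CsrFile([string]$Path, [int]$MinKeyBits = 2048) {
    if (-not (Test-Path $Path)) { throw "CSR file not found: $Path" }

    # The text pasted into the activation form must include header and footer.
    $text = [string]::Join("`n", (Get-Content $Path))
    if (($text -notmatch '-----BEGIN [A-Z ]*REQUEST-----') -or
        ($text -notmatch '-----END [A-Z ]*REQUEST-----')) {
        throw "Header or footer line is missing in $Path"
    }

    # certutil ships with Windows; -dump only decodes the request.
    $dump = certutil -dump $Path
    if ($LASTEXITCODE -ne 0) { throw "certutil could not decode $Path" }

    # Assumption: English output, e.g. "Public Key Length: 2048 bits"
    # and one "DNS Name=..." line per Subject Alternative Name.
    $bits = 0
    $names = @()
    foreach ($line in $dump) {
        if ($line -match 'Public Key Length:\s*(\d+)') { $bits = [int]$Matches[1] }
        if ($line -match 'DNS Name=(\S+)') { $names += $Matches[1] }
    }

    if ($bits -lt $MinKeyBits) {
        throw "Key size is $bits bits; at least $MinKeyBits bits are required"
    }

    "Key size : $bits bits"
    "SAN names: " + [string]::Join(', ', $names)
}

Test-CsrFile -Path $csrPath
```

Only the .req file goes to the Certificate Authority; the private key stays in the server's certificate store, and because it was created as exportable, any exported copy should be password-protected and stored with restricted access.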

Installation on Exchange 2007 can be found here.