The CSR code is necessary for SSL Certificate activation. This can be generated using the Exchange Management Shell (EMS), which can be accessed at Start >> All Programs >> Microsoft Exchange Server 2007 >> Exchange Management Shell.
How to Generating a CSR in Exchange 2007 (PowerShell)
FURTHER READING: |
| 1. Generating a CSR in Plesk 12 |
| 2. How to Generate a CSR on Apache + OpenSSL/ModSSL/Nginx + Heroku |
| 3. How to Generate a CSR using cPanel |
Step 1
The GenerateRequest parameter for this cmdlet is utilized for CSR code generation. The ‘SubjectName’ parameter should include all required details, which will be incorporated into the certificate. The details you need to provide will use the following abbreviations:
The details you will need to provide will use the following abbreviations:
- CN = Domain Name you need Certificate for (fully qualified domain name[FQDN]);
- C = two letter Country code;
- S = name of the State;
- L = name of the Locality/City;
- O = name of your Organization/Company
- OU = Organization Unit (Support, Sales, IT and etc.)
Step 2
An example command to generate a certificate signing request would be:
New-ExchangeCertificate -GenerateRequest -SubjectName “C=US, S=California, L=Los Angeles, O=1Byte Inc, OU=SSL Support, CN=www.1byte.com” -KeySize 2048 -Path c:www.1byte.com.req -PrivateKeyExportable $true
(!)Important:
* bold text should be changed to the valid details about your own organization/company;
* In accordance with the Certificate Authorities policy change, starting from December 20, 2010, SSL Certificates can not be issued using CSR codes less than 2048-bit.
* parameter -Path c:\www.example.com.req is used to specify the location of the future CSR code;
* parameter -PrivateKeyExportable $true will enable export of the Certificate to another server or backup the RSA Private Key
* If you want to generate the CSR code with Subject Alternative Names (SANs) for a Multi-domain certificate, you need to add -DomainName attribute to the command and list all the additional domains after it. For example, -DomainName mail.1byte.com, autodiscover.1byte.com
As result, CSR file named [www.example.com.req] in the root of your C: drive, it can be opened with any text editor such as Notepad. Content of that file should be pasted into correspondent box during the Certificate activation including header and footer: —–BEGIN CERTIFICATE SIGNING REQUEST—– and —– END CERTIFICATE SIGNING REQUEST—– .
Installation on Exchange 2007 can be found here.