Generate CSR: Microsoft Exchange Server 2007

Follow these instructions to generate a Private Key and CSR.

1. Use the New-ExchangeCertificate cmdlet to create the certificate signing request file. Refer to the CSR Legend in right-hand side of this page for examples and explanations of the various command options.
   
   Click Start > All Programs > Microsoft Exchange Server 2007, and then click Exchange Management Shell. From the Exchange Management Shell enter the following command.
   
   New-ExchangeCertificate –generaterequest –subjectname "O=My Corporation Inc, OU=Internet Sales, C=US, S=California, L=Los Angeles, CN=exchange.mydomain.com" –privatekeyexportable:1 -keysize 2048 –path c:\certrequest.txt

   Tip: The 2048 in the command above is the key bit length. GeoTrust recommends a key bit length of 2048.

   Your site's Common Name (CN) is the fully-qualified-domain name for your web site or mail server. You should put whatever your end-users will type to access OWA, such as mail.mydomain.com. What ever your end-user will see in their browser's address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR Legend on the right-hand side of this page for examples. If this is wrong, your certificate will not work properly.

   Note: if you plan to purchase a True BusinessID® Multi-domain Unified Communications Certificate, which secures up to 25 domains, you only include the main external FQDN when generating the CSR request. You will be asked to type in your additional Subject Alternative Names (SAN) during the order process.

2. Open the CSR text file you created in step 1 (c:\certrequest.txt) in a simple text editor such as Notepad.
3. Save a copy of your CSR. The CSR will be needed during the online order process. You'll be asked to copy-and-paste your CSR into a special CSR box.
   
   Below is an example of what your CSR will look like. This is a example only and cannot be used to generate your SSL certificate.
   -----BEGIN CERTIFICATE REQUEST----- MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX crQRAENHb2YthG2SEcF5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD b1hL0yNfb495A7e/IQyBEP5a/v+QUOtibHS4geiPhH9etAI+DSQmctjbf6dMGJql gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
+iAv
-----END CERTIFICATE REQUEST-----
4. Purchase certificate. If you haven’t already, create a GeoCerts SSL Manager portal login account here. Login to your SSL Manager account and select the Buy Now tab. Select the Unified Communications True BusinessID Multi-domain certificate product if you plan to use additional SAN server names.
5. Submit contents of CSR. During the purchase process you will be asked to copy-and-paste the contents of the CSR file into a box. Additionally, if you're buying a True BusinessID® Multi-domain Unified Communications Certificate, you’ll be asked to type in up to 24 additional server names to be included in the Subject Alternative Name fields of the finished SSL certificate (these are optional).