Generate CSR: Microsoft Exchange Server 2007
Follow these instructions to generate a Private Key and CSR.
- Use the New-ExchangeCertificate cmdlet
to create the certificate signing request file. Refer to the CSR Legend in right-hand side of
this page for examples and explanations of the various command options.
Click Start > All Programs > Microsoft Exchange Server 2007, and then click
Exchange Management Shell. From the Exchange Management Shell enter the following
New-ExchangeCertificate –generaterequest –subjectname "O=My
Corporation Inc, OU=Internet Sales, C=US, S=California, L=Los Angeles,
-keysize 2048 –path
2048 in the command above is the key
bit length. GeoTrust recommends a key bit length of 2048.
Your site's Common
Name (CN) is the fully-qualified-domain name for your
web site or mail server. You should put whatever your end-users will
type to access OWA, such as mail.mydomain.com. What ever your end-user
will see in their browser's address bar is what you should put in here.
Do not include http:// nor https://.
Refer to the CSR Legend on the right-hand side of this page for examples. If this is
wrong, your certificate will not work properly.
Note: if you plan to purchase a
True BusinessID® Multi-domain
Unified Communications Certificate, which secures up to 25 domains,
you can include the Subject Alternative Names (SANs) in the CSR request and
they will be detected automatically OR you may type them in manually during the order process.
- Open the CSR text file you created in step 1 (c:\certrequest.txt)
in a simple text editor such as Notepad.
Save a copy of your CSR. The CSR will be needed during the online order
process. You'll be asked to copy-and-paste your CSR into a special CSR box.
Below is an example of what your CSR will look like. This
is a example only and cannot be used to generate your SSL certificate.
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
- Purchase certificate. If you haven’t already,
create a GeoCerts SSL Manager portal login account here.
Login to your SSL Manager account
and select the Buy Now tab. Select the Unified
Communications True BusinessID Multi-domain certificate product if you plan to use additional SAN server
- Submit contents of CSR. During the purchase process
you will be asked to copy-and-paste the contents of the CSR file into a box. Additionally,
if you're buying a True BusinessID® Multi-domain
Unified Communications Certificate, you’ll be asked to type in up
to 24 additional server names to be included in the Subject Alternative
Name fields of the finished SSL certificate (these are optional).
When generating your CSR you will be asked to input
a few pieces of info. Below are some common fields with descriptions and examples.
(also see About the CSR)
Common Name (CN)
The fully-qualified-domain name for your certificate. Examples include...
- *.domain.com (for wildcard SSL)
The exact legal name of your organization. Do not abbreviate your
organization's name. Example: Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU)
The section or division of the organization. Example: Sales, Support, Customer Service
City or Locality (L)
The city where your organization is legally located. Cannot be
abbreviated. Example: Atlanta
State (S) or Province
The state or province where your organization is legally located. Cannot
be abbreviated.. Example: Georgia
The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)
Any email address. This field is arbitrary but must be filled in. GeoTrust
will not use this email address to process your order. Example: email@example.com
Key Bit Length
The key bit length has to do with the initial key exchange, not the
encryption strength of your certificate. GeoTrust recommends a key bit length of 2048.