Option 1: Create your CSR with the New Exchange Certificate Wizard (recommended)

1. Start the Exchange Management Console by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
2. Click the link to "Manage Databases."
   
3. Select "Server Configuration" in the menu on the left, and then "New Exchange Certificate" from the actions menu on the right.
4. When you are prompted for a friendly name, enter a name by which you will remember this certificate in the future. This name will not become part of the CSR Request, but will be used to identify the certificate during installation.
5. For the Domain Scope, check the box if you will be generating the CSR for a Wildcard SSL Certificate. Otherwise, just go to the next screen. If you do select the box for a wildcard, skip to step 7.
6. In the Exchange Configuration menu, select the services for which you will be using your SSL Certificate. Enter the names through which you connect to those services, when you are prompted.
   
   At the next screen, you will be able to review a list of the names which Exchange 2010 suggests you include in your certificate request. You may also add additional names at this time.
7. Your Organization should be the legal name of your company that is registered with your local government registration authority.
   
   Your Organization unit is your department within the organization (put anything in here, it won't be included in the final certificate).
   
   If you do not have a state/province, enter the city information again in this space.
   
   
8. Click "Browse" to save the CSR to your computer as a .req file, then Save, then Next, then New, and then Finish.


9. Open the CSR text file you just created (NewRequest.req) in a simple text editor such as Notepad (do not open in Word).
Below is an example of what your CSR will look like. This is an example only and cannot be used to generate your SSL certificate.

-----BEGIN CERTIFICATE REQUEST-----
MIIB3zCCAUgCAQAwgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdHZW9yZ2lhMRAw
DgYDVQQHEwdBdGxhbnRhMREwDwYDVQQKEwhHZW9DZXJ0czEaMBgGA1UECxMRSW5l
cm5ldCBNYXJrZXRpbmcxGTAXBgNVBAMTEHd3dy5nZW9jZXJ0cy5jb20xITAfBgkq
hkiG9w0BCQEWEmFkbWluQGdlb2NlcnRzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA5KOi+RnRzBuBQeFYjrwZg1sfT7zr4L8j0Khuoj621x+lGBmFC76c
kGclUIQBmuyp9T9NrNqAjGtEmgdFr6cWLJtgXgi+BaZDLX9BMYF49NuTggNoEUMX
crQRAENHb2YthG2SEcF5p98RNcDPzWOA3a4AMvgkxDlDGYUhbcQhnt0CAwEAAaAA
MA0GCSqGSIb3DQEBBAUAA4GBAIapt6Tw0BTYUwEAX0/oKvaaN/ghErR85jdW7xOD
b1hL0yNfb495A7e/IQyBEP5a/v+QUOtibHS4geiPhH9etAI+DSQmctjbf6dMGJql
gCXGwlsTbjPOSmNT+/X2Uvf1BlplwqAMDghEuFHsjshlypz1NEg94ri2K9N1VrBs
+iAv
-----END CERTIFICATE REQUEST-----

Option 2: Create your CSR with the Exchange Management Shell

1. Start the Microsoft Exchange Management Shell by clicking Start > Programs > Microsoft Exchange 2010 > Exchange Management Shell
   

2. From the command line, type the following:

   New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=City or Locality, s=State or Province, o=The Legal Name of your Organization, cn=Your_Domain.com" -PrivateKeyExportable:$true

   Tip: The 2048 in the command above is the key bit length. GeoTrust recommends a key bit length of 2048.

   This command should be entered into the management shell as a single line without using returns until the end. Replace the details listed in this sample command with the details of your own organization.

3. Type the following line immediately after generating the file:
   Set-Content -path "C:\your_CSR_name.csr" -Value $Data