Blue Ribbon Toll Free: (800) 892-7095

GeoTrust SSL Certificates

at Wholesale Prices in about 10 Minutes*

Customer Login
Home > GeoTrust SSL Certificates > Generate CSR > Exchange Server Outlook Web Access (OWA)

Generate CSR Instructions: Exchange Server Outlook Web Access (OWA)

Follow these instructions to generate a Private Key and CSR for your Web site.

When you enable Exchange Server for Outlook Web Access (OWA) the actual HTTP browser requests are handled by your Internet Information Services (IIS) Server. To setup SSL for your OWA implementation, you’ll need to do it through the IIS Manager console.

Learn more about Implementing Outlook Web Access.

  1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
  2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
  3. Right-click the Web site for which you want to request a certificate, and then click Properties. By default it will be Default Web Site, yours may be different.

    Select Default Web Site
  4. Select the Directory Security tab and click Server Certificate in the Secure communications section.
  5. Click Next in the Welcome to the Web Server Certificate Wizard window.
  6. Select Create a new certificate, Click Next.
  7. Select Prepare the request now, but send it later.
  8. At the Name and Security Settings screen, fill in the friendly name field for the new certificate

    Tip: the friendly name can be any name that helps you remember what this certificate is for when you see it in a list later. We recommend using your domain as the friendly name, such as mysite.com.

  9. Select bit length. We recommend using at least a 1024-bit length. Click Next.
  10. Leave the 'Select cryptographic service provider (CSP) for this certificate' unchecked. Click Next.
  11. Enter your Organization (e.g., Gotham Books Inc) and Organizational Unit (e.g., Internet Sales). Click Next.
  12. THIS IS THE MOST IMPORTANT STEP! Enter your site's Common Name. The Common Name is the fully-qualified-domain name for your web site or mail server. What ever your end-user will see in their browser's address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR Input Fields table below for examples. If this is wrong, your certificate will not work properly. Click Next.
  13. Enter your Geographical Information for Country, State, and City. Do not abbreviate States and Cities. Click Next.
  14. In the Certificate Request File Name box enter the path and file name where you want to save your CSR. You can use the default of c:\certreq.txt. Remember where you save it, you'll need to be able to find this CSR file later. Click Next.
  15. Review the data on the Request File Summary screen and click Next.
  16. Click Finish to complete the Wizard.

    Important: once the CSR has been generated and saved to the location you specified, do not start the IIS certificate wizard again until your new SSL certificate is delivered to you from GeoTrust. Doing so risks losing the pending request that the wizard has set up for you. If this happens the certificate and private key will not match up and you'll have to start over from scratch with a new order.

  17. Now open a text editor such as Notepad and open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file into the relevant box during the purchase process.

    Open CSR in Notepad

When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters cannot be accepted: < > ~ ! @ # $ % ^ / \ ( ) ? , &

CSR Input Fields
Field Explanation Example
Common Name (CN)
(host name, FQDN, etc.)		 The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://www.domain.com, then your CSR's common name must be "www.domain.com".
For https://secure.domain.com it must be "secure.domain.com".
For just https://domain.com it must be just "domain.com".
For https://owa.mailserver.net it must be "owa.mailserver.net".
A Wildcard for https://sub.primary-domain.com must be "*.primary-domain.com". The asterisk must be included for Wildcard CSR's.
Organization (O) The exact legal name of your organization. Do not abbreviate your organization name. Metro Realty LLC or Flowers by Jenny
Organizational Unit (OU) Section of the organization Sales Division or IT or Marketing
City or Locality (L) The city where your organization is legally located. Cannot be abbreviated. Boston
State (S) or Province The state or province where your organization is legally located. Cannot be abbreviated. Massachusetts
Country (C) The two-letter ISO abbreviation for your country. US, CA, GB, (must be two-letters)
Email Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. user@domain.com
Key Bit Length The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. GeoTrust recommends a key bit length of at least 1024