Support Desk

  1. Support Desk
  2. Generate CSR

Generate CSR Microsoft Exchange Server Outlook Web Access (OWA)

Follow these instructions to generate a Private Key and CSR. You must have at least Service Pack 1 installed.

When you enable Exchange Server for Outlook Web Access (OWA) the actual HTTP browser requests are handled by your Internet Information Services (IIS) Server. To setup SSL for your OWA implementation, you'll need to do it through the IIS Manager console.

  1. Open the Internet Information Services (IIS) Manager. From the Start button select Programs > Administrative Tools > Internet Information Services Manager.
  2. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
  3. Right-click the Web site for which you want to request a certificate, and then click Properties. By default it will be Default Web Site, yours may be different.


  4. Select the Directory Security tab and click Server Certificate in the Secure communications section.
  5. Click Next in the Welcome to the Web Server Certificate Wizard window.
  6. Select Create a new certificate, Click Next.
  7. Select Prepare the request now, but send it later.
  8. At the Name and Security Settings screen, fill in the friendly name field for the new certificate

    Tip: the friendly name can be any name that helps you remember what this certificate is for when you see it in a list later. We recommend using your domain as the friendly name, such as mysite.com.

  9. Select bit length. We recommend using a 2048-bit length (2048 is required for EV SSL). Click Next.
  10. Leave the 'Select cryptographic service provider (CSP) for this certificate' unchecked. Click Next.
  11. You will be asked for several pieces of info which will be used by GeoTrust to create your new SSL certificate. These fields include the Common Name (aka domain, FQDN), organization, country, key bit length, etc. Use the CSR Legend in the right-hand column of this page to guide you when asked for this information. The following characters should not be used when typing in your CSR input: < > ~ ! @ # $ % ^ / \ ( ) ? , &
  12. Enter your Organization (e.g., Gotham Books Inc) and Organizational Unit (e.g., Internet Sales). Click Next.
  13. THIS IS THE MOST IMPORTANT STEP! Enter your site's Common Name. The Common Name is the fully-qualified-domain name for your web site or mail server. What ever your end-user will see in their browser's address bar is what you should put in here. Do not include http:// nor https://. Refer to the CSR legend in the right-hand column of this page for examples. If this is wrong, your certificate will not work properly. Click Next.
  14. Enter your Geographical Information for Country, State, and City. Do not abbreviate States and Cities. Click Next.
  15. In the Certificate Request File Name box enter the path and file name where you want to save your CSR. You can use the default of c:\certreq.txt. Remember where you save it, you'll need to be able to find this CSR file later. Click Next.
  16. Review the data on the Request File Summary screen and click Next.
  17. Click Finish to complete the Wizard.
  18. Now, from a simple text editor such as Notepad (do not use Word), open the CSR file you just created at c:\certreq.txt (your path/filename may be different). You will need to copy-and-paste the contents of this file, including the top and bottom lines, into the relevant box during the online order process.

Additional Resources:

Learn more about Implementing Outlook Web Access by Markus Klein at MSExchange.org.