Renew Exchange Server 2010 SSL Certificate
In Exchange 2010 there are two ways to generate a CSR.
- Option 1: Using the New Exchange Certificate Wizard GUI (recommended).
- Option 2: Using the Exchange Management Shell.
Option 1: Create your CSR with the New Exchange Certificate Wizard (recommended)
- Start the Exchange Management Console by going to Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
- Click the link to Manage Databases.
- Select Server Configuration in the menu on the left, select the certificate to renew in the Exchange Certificates section and then Renew Exchange Certificate from the actions menu on the right.
- Click Browse to save the CSR to your computer as a .req file. Note the name and location of the file and then Save and follow through to Finish.
- Open the CSR text file you just created (file-name.req) in a simple text editor such as Notepad (do not open in Word). Below is an example of what your CSR will look like.
Option 2: Create your CSR with the Exchange Management Shell
- Start the Microsoft Exchange Management Shell by clicking Start > Programs > Microsoft Exchange 2010 > Exchange Management Shell
From the command line, type the following:New-ExchangeCertificate -GenerateRequest -KeySize 2048 -SubjectName "c=US, l=City or Locality, s=State or Province, o=The Legal Name of your Organization, cn=Your_Domain.com" -PrivateKeyExportable:$true
2048in the command above is the key bit length. GeoTrust recommends a key bit length of 2048.
This command should be entered into the management shell as a single line without using returns until the end. Replace the details listed in this sample command with the details of your own organization.
- Type the following line immediately after generating the file:
Set-Content -path "C:\your_CSR_name.csr" -Value $Data