Generate CSR - Microsoft Exchange 2007

Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in Microsoft Exchange 2007. If this is not the solution you are looking for, please search for your solution in the search bar above.​

Note: By using the Exchange Management Shell, you can create a certificate request. You define all the DNS host names of the Client Access servers in the GlobalSign web form. You can then enable users to connect to the certificate for services such as Outlook Anywhere, Autodiscover, POP3 and IMAP4, or Unified Messaging that are listed in the Sub Alternate Names (SANs) attribute.

  1. During the online enrollment process you will be required to provide GlobalSign with a Certificate Signing Request (CSR). This encrypted data is generated from within the Exchange Management Shell and contains information about your company and Web server.

    To generate a CSR, use the New-ExchangeCertificate cmdlet, and the -GenerateRequest parameter together with the Path parameter to define where the request file will be created. The resulting file will be a PKCS#10 request (.req) file.

    This example generates a certificate request for the Exchange server: mail1. The Common Name of the Subject Name contains the Fully Qualified Domain Name (FQDN) of the server:

    New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=GlobalSign Ltd,, s=State/Region, l=Locality" -privatekeyexportable $true -Path c:\certificates\mail1.globalsign.req

    The following items are necessary for the certificate to work correctly.
    • The CSR must contain the following attributes and their values;
      • Country (c)
      • Organization Name (o)
      • Common Name (cn)
      • State (s)
      • Locality (l)
    • The company listed in the organization Name (O) must own the domain name that appears in commonName (CN) field of CSR.
    • The commonName must be identical to the fully qualified domain name of the site for which you are requesting a certificate. Such as
    • Do not use the following characters in any of the fields in the Exchange Management Shell: > < ! @ # $ % ^ * ( ) ~ ? / \. &
  2. Open the CSR text file you created in step 1 (c:\mail1.globalsign.req) in a simple text editor, such as Notepad. You will need the contents of this file during the SSL certificate purchase process. Below is an example of what your CSR will look like.

  3. Purchase the SSL certificate. A comparison of GlobalSign's SSL certificates is available to help you select the appropriate option.
  4. Submit the contents of the CSR. During the purchase process you will be asked to copy and paste the contents of the CSR file into a field then complete the certificate request form and wait to be contacted by a member of the GlobalSign vetting staff.

Once you have gone through the vetting process and received your certificate please follow the instructions on how to Install the SSL certificate on Microsoft Exchange 2007.

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Scan your endpoints to locate all of your Certificates.

Log In / Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.