Generate CSR - Microsoft Exchange 2007
Article Purpose: This article provides step-by-step instructions for generating a Certificate Signing Request (CSR) in Microsoft Exchange 2007. If this is not the solution you are looking for, please search for your solution in the search bar above.
Note: By using the Exchange Management Shell, you can create a certificate request. You define all the DNS host names of the Client Access servers in the GlobalSign web form. You can then enable users to connect to the certificate for services such as Outlook Anywhere, Autodiscover, POP3 and IMAP4, or Unified Messaging that are listed in the Sub Alternate Names (SANs) attribute.
- During the online enrollment process you will be required to provide GlobalSign with a Certificate Signing Request (CSR). This encrypted data is generated from within the Exchange Management Shell and contains information about your company and Web server.
To generate a CSR, use the New-ExchangeCertificate cmdlet, and the -GenerateRequest parameter together with the Path parameter to define where the request file will be created. The resulting file will be a PKCS#10 request (.req) file.
This example generates a certificate request for the Exchange server: mail1. The Common Name of the Subject Name contains the Fully Qualified Domain Name (FQDN) of the server:
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=GlobalSign Ltd, cn=mail.globalsign.com, s=State/Region, l=Locality" -privatekeyexportable $true -Path c:\certificates\mail1.globalsign.req
The following items are necessary for the certificate to work correctly.
- The CSR must contain the following attributes and their values;
- Country (c)
- Organization Name (o)
- Common Name (cn)
- State (s)
- Locality (l)
- The company listed in the organization Name (O) must own the domain name that appears in commonName (CN) field of CSR.
- The commonName must be identical to the fully qualified domain name of the site for which you are requesting a certificate. Such as mail.globalsign.com
- Do not use the following characters in any of the fields in the Exchange Management Shell: > < ! @ # $ % ^ * ( ) ~ ? / \. &
- Open the CSR text file you created in step 1 (c:\mail1.globalsign.req) in a simple text editor, such as Notepad. You will need the contents of this file during the SSL certificate purchase process. Below is an example of what your CSR will look like.
-----BEGIN NEW CERTIFICATE REQUEST-----MIIDVDCCAr0CAQAweTEeMBwGA1UEAxMVd3d3Lmpvc2VwaGNoYXBtYW4uY29tMQ8w DQYDVQQLEwZEZXNpZ24xFjAUBgNVBAoTDUpvc2VwaENoYXBtYW4xEjAQBgNVBAcT CU1haWRzdG9uZTENMAsGA1UECBMES2VudDELMAkGA1UEBhMCR0IwgZ8wDQYJKoZI hvcNAQEBBQADgY0AMIGJAoGBAOEFDpnOKRabQhDa5asDxYPnG0c/neW18e8apjOk 1yuGRk+3GD7YQvuhBVS1x6wkw1D2RnmnZgN1nNUK0cRK7sIvOyCh1+jgD7u46mLk 81j+b4YSEmYZGPLIuclyocPDm0hXayjCUqWt7z6LMIKpLym8gayEZzz9Gn97PsbP kVFBAgMBAAGgggGZMBoGCisGAQQBgjcNAgMxDBYKNS4xLjI2MDAuMjB7BgorBgEE AYI3AgEOMW0wazAOBgNVHQ8BAf8EBAMCBPAwRAYJKoZIhvcNAQkPBDcwNTAOBggq hkiG9w0DAgICAIAwDgYIKoZIhvcNAwQCAgCAMAcGBSsOAwIHMAoGCCqGSIb3DQMH MBMGA1UdJQQMMAoGCCsGAQUFBwMBMIH9BgorBgEEAYI3DQICMYHuMIHrAgEBHloA TQBpAGMAcgBvAHMAbwBmAHQAIABSAFMAQQAgAFMAQwBoAGEAbgBuAGUAbAAgAEMA cgB5AHAAdABvAGcAcgBhAHAAaABpAGMAIABQAHIAbwB2AGkAZABlAHIDgYkAk0kf HSkr4jsEVya3mgUoyaYMO456ECNZr4Cb+WhPgexfjOO5qwOG1oDOTaKycrkc5pG+ IPBQnq+4cotT8hWJQwpc+qGb8xUETpxCokhrhN5079vFXq/5dsHkmtOTwkSqSnz9 yruVoxYeDQ8jI3KG3HTgxwFto8oZnm+E+Y4oshUAAAAAAAAAADANBgkqhkiG9w0B AQUFAAOBgQAuAxetLzgfjBdWpjpixeVYZXuPZ+6jvZNL/9hOw7Fk5pVVXWdr8csJ 6JUW8QdH9KB6ZlM4yg8Df+vat1/DG6GuD2hiIR7fQ0NtPFBQmbrSm+TTBo95lwP+ ZSZTusPFTLKaqValdnS9Uw+6Vq7/I4ouDA8QBIuaTFtPOp+8wEGBHQ==
-----END NEW CERTIFICATE REQUEST-----
- Purchase the SSL certificate. A comparison of GlobalSign's SSL certificates is available to help you select the appropriate option.
- Submit the contents of the CSR. During the purchase process you will be asked to copy and paste the contents of the CSR file into a field then complete the certificate request form and wait to be contacted by a member of the GlobalSign vetting staff.
Once you have gone through the vetting process and received your certificate please follow the instructions on how to Install the SSL certificate on Microsoft Exchange 2007.