How to generate a CSR code on Exchange 2007 using PowerShell

  CSR generation instructions

You can create the CSR code on an Exchange server using Exchange Management Shell following the steps below:Enter Exchange Management Shell. Click Start > All Programs > Microsoft Management Server 2007 > Exchange Management Shell

  1. Enter Exchange Management Shell. Click Start > All Programs > Microsoft Management Server 2007 > Exchange Management Shell
  2. To generate a CSR, use New-ExchangeCertificate cmdlet with the following parameters:
    • GenerateRequest will generate a new certificate request in PKCS#10 format.
    • SubjectName should contain the information you want to include in your certificate request, namely:

    C – Country (2 letter abbreviation);

    S – State (full name of the state, region or province);

    L – Locality (full name of the city or locality);

    O – Organization Name (legally registered company name);

    OU – Organization Unit Name (department within the above mentioned company);

    CN – Common Name (the fully qualified domain name you want to secure with SSL certificate)

    Note: Please use an asterisk in front of the domain name for Wildcard certificates (e.g. * However, we do not recommend using Wildcard certificates on Exchange servers 2010 and later versions, since they might not work correctly.

    • KeySize represents the key size of the certificate’s public and private key. Starting December 20, 2010, Certificate Authorities require all the certificates to have a key length of 2048- or 4096- bit.
    • Path will define the location on your Windows machine where the file with the CSR code will be saved.
    • PrivateKeyExportable will define the possibility to back up the RSA Private key later. It is useful in case you decide to install your SSL certificate on another server later.

    Here is an example of the command that should be used:

    New-ExchangeCertificate -GenerateRequest -SubjectName “C=US, S=California, L=Los Angeles,, OU=SSL Support,” -KeySize 2048 -privatekeyexportable $true -Path C:CSRsexample.req

  3. As a result, a file with a new certificate request will be generated at C:CSRsexample.req You can open the file with NotePad, copy the certificate request from the file including —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—–, then paste the request into the certificate activation form in your account with us.

After the certificate is issued, you will need to install it on the server. You can check the certificate installation guide for Exchange here.