Knowledgebase
CSR Generation: Exchange 2007 (PowerShell)

Creating a CSR on Exchange 2007


In order to create a CSR on Exchange 2007, you must use the New-ExchangeCertificate cmdlet which can be used from the Exchange Management Shell (EMS)
Note: Exchange Management Shell: Click Start, click Programs, and then click Microsoft Exchange Server 2007. Then click Exchange Management Shell.

The 'GenerateRequest' parameter for this cmdlet will create the CSR, as a PKCS#10 file which we will then use to create your certificate.

The 'SubjectName' parameter contains the details that are signed into the certificate. The 'CN' parameter is the PrimaryDomainName (Please use a fully qualified domain name[FQDN]), and should also be entered into the order form.

An example command to generate a request would be:

-> New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Some Company, CN=exchange.example.net" -KeySize 2048 -Path c:\exchange.example.net.req

The resulting 'exchange.comodo.com.req' file can be opened in Notepad or similar text-editor and pasted into the order form.

Note: If you plan on exporting your certificate from your server or making a backup of this you will need to use the below command to enable this

-> New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Some Company, CN=exchange.example.net" -KeySize 2048 -Path c:\exchange.example.net.req -PrivateKeyExportable $true

Note: This is the bare minimum that we require for UCC CSRs. Adding extra flags to the above command(s) may not have the intended result. We do not need the other domains included in the CSR. There are places for them on the UCC order form. To include them in the CSR use the following command.

-> New-ExchangeCertificate -GenerateRequest -SubjectName "C=GB, O=Some Company, CN=exchange.example.net" -KeySize 2048 -DomainName server1, imap.server1.com, exchange.example.net, pop.server1.com -Path c:\exchange.example.net.req -PrivateKeyExportable $true

Note: CN = Common Name, C= 2 letter ISO country code, O = Your Company Name

For more information on the Office Communications Server 2007 Certificate Wizard and installing certificates for Office Communications Server, see the deployment documentation available on the Office Communications Server 2007 Technical Library.

Important:
To access Exchange Management Shell cmdlets, you must load the Exchange Management Shell from the Microsoft Exchange Server 2007 program menu.

Related Articles:
* Installing your Unified Communications Certificate
* What domains should I include in my UCC certificate?
* Requesting a replacement UCC certificate
* More...

(2045 vote(s))
Helpful
Not helpful

Comments (0)