Generating a Certificate Signing Request (CSR) - Exchange Server 2007
Print this Article
Comment on this Article
Last Updated:
October 26, 2009 3:17 PM
When generating a UCC CSR, you must provide the country, city, state, company name, and the additional domains that you want included in the resulting UCC certificate. The following is an example of the command you would enter, using the Exchange Manage Shell utility.
New-ExchangeCertificate -generaterequest -keysize 2048 -subjectname "c=Your Country, l=Your Locality/City, s=Your State, o=Your Corporation Name,cn=YourMainDomain.com" -domainname CAS01,CAS01.exchange.corp.contoso.com,exchange.contoso.com,
autodiscover.contoso.com -PrivateKeyExportable $true -path c:\certrequest.txt
autodiscover.contoso.com -PrivateKeyExportable $true -path c:\certrequest.txt
where:
- c = Organization's country of residence
- l = Organization's locality or city
- s = Organization's state or province
- o = Your Organization's legally registered name (Company or Person's first and last name)
- cn = The first/main Fully Qualified Domain Name (FQDN) to be secured that will always be visible in the certificate details.
-
-domain = The comma-separated list of additional domains that will be included in your certificate and referred to as Subject Alternative Names (SANs). The SAN field is not exposed through Exchange directly. You can view it only in Certificate Manager in MMC or through the Internet Information Services (IIS) Manager. Certificates bound to a website, such as those used by IIS for Outlook Web Access, Exchange ActiveSync, or Autodiscover, are also viewable in IIS Manager.
NOTE: -domainname attribute is not required to be completed during the CSR generation process. Our SSL Management console allows you to manage the SANs without generating new CSR's each time you want to add or remove a SAN.
- -PrivateKeyExportable $true = If you have to export a copy of the requested certificate to import it to a client computer or another server computer, you must use the -privatekeyexportable $true parameter when you create the request
- -path c:\certrequest.txt = The complete path and filename where the resulting CSR file will be placed when generated
For additional information click on the following link : Certificate Use in Exchange Server 2007.