Certificate Signing Request (CSR) on Microsoft Exchange 2007 (powershell)

Creating a CSR on Exchange 2007 (PowerShell)

In order to create a CSR on Exchange 2007, you must use the New Exchange Certificate cmdlet which can be used from the Exchange Management Shell (EMS)
Note: Exchange Management Shell:

  • Click Start
  • click Programs
  • and then click Microsoft Exchange Server 2007
  • Then click Exchange Management Shell.
  • The 'Generate Request' parameter for this cmdlet will create the CSR, as a PKCS#10 file which we will then use to create your certificate.
  • The 'Subject Name' parameter contains the details that are signed into the certificate.
  • The 'CN' parameter is the Primary Domain Name (Please use a fully qualified domain name[FQDN]), and should also be entered into the order form.
  • An example command to generate a request would be:


New: Exchange Certificate ==>Generate Request ==>Subject Name
Country=GB,
Organization=Some Company
Common Name=exchange.example.net
Key Size= 2048
Path= c:\\exchange.example.net.req

  • The resulting 'exchange.comodo.com.req' file can be opened in Notepad or similar text-editor and pasted into the order form.

Note: If you plan on exporting your certificate from your server or making a backup of this you will need to use the below command to enable this

New: Exchange Certificate==>Generate Request ==>Subject Name
Country=GB
Organization=Some Company
Common Name=exchange.example.net
Key Size =2048
Path= c:\\exchange.example.net.req
Private Key Exportable= $true

Note: This is the bare minimum that we require for UCC CSR's.

  • Adding extra flags to the above command(s) may not have the intended result.
  • We do not need the other domains included in the CSR.
  • There are places for them on the UCC order form.
  • To include them in the CSR use the following command.


New: Exchange Certificate ==>Generate Request==>Subject Name
Country=GB
Organization=Some Company
Common Name=exchange.example.net
Key Size= 2048
Domain Name: server1, imap.server1.com, exchange.example.net, pop.server1.com
Path= c:\\exchange.example.net.req
Private Key Exportable= $true

Important:
To access Exchange Management Shell cmdlets, you must load the Exchange Management Shell from the Microsoft Exchange Server 2007 program menu.