Knowledge Base

Microsoft Exchange 2007

February 5, 2019

Creating a CSR on Exchange 2007 (PowerShell)


In order to create a CSR on Exchange 2007, you must use the New-Exchange Certificate cmdlet which can be used from the Exchange Management Shell (EMS)

Exchange Management Shell:
Click Start
Click Programs
Click Microsoft Exchange Server 2007
Click Exchange Management Shell

The 'Generate Request' parameter for this cmdlet will create the CSR, as a PKCS#10 file which we will then use to create your certificate.

The 'Subject Name' parameter contains the details that are signed into the certificate. The 'CN' parameter is the Primary Domain Name (Please use a fully qualified domain name[FQDN]. If you are adding a wildcard, define it with an asterisk, such as *.sectigo.com), and should also be entered into the order form.

Example command to generate a request would be:

New: Exchange Certificate ==>Generate Request==>Subject Name
Country=GB,
Organization=Some Company
Common Name=exchange.example.net
Key Size= 2048
Path= c:\\exchange.example.net.req

The resulting 'exchange.comodo.com.req' file can be opened in Notepad or similar text-editor and pasted into the order form.

Note: If you plan on exporting your certificate from your server or making a backup of this you will need to use the below command to enable this

New-Exchange Certificate==>Generate Request==>Subject Name
Country=GB,
Organization=Some Company,
Common Name=exchange.example.net'
Key Size= 2048
Path= c:\\exchange.example.net.req
Private Key Exportable= $true

Remember: This is the bare minimum that we require for UCC (Unified Communication Certificates) CSRs. Adding extra flags to the above command(s) may not have the intended result. We do not need the other domains included in the CSR. There are places for them on the UCC order form. To include them in the CSR use the following command.

Example:
New: Exchange Certificate ==>Generate Request ==>Subject Name
Country=GB,
Organization=Some Company
Common Name=exchange.example.net
Key Size= 2048
Domain Name= server1, imap.server1.com, exchange.example.net, pop.server1.com
Path= c:\\exchange.example.net.req -
Private Key Exportable= $true

Important:
To access Exchange Management Shell cmdlets, you must load the Exchange Management Shell from the Microsoft Exchange Server 2007 program menu.