Ask a Question

Advanced Search

Solution ID : SO19255

Last Modified : 05/02/2018

Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2007


To generate a CSR, use the Exchange Management Shell. To access the Exchange Management Shell perform the following steps:

Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.

  1. Click Start
  2. Click All Programs
  3. Click Microsoft Exchange Server 2007

  4. Click Exchange Management Shell

  5. From the Exchange Management Shell enter the following command:

    New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=State, L=City, O=Organization, OU=Organizational Unit," -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt

    The CSR needs to contain the following attributes:

    Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
    State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
    Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
    Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
    Organizational Unit (OU): This field is the name of the department or organization unit making the request.
    Common Name (CN): The Common Name is the Host + Domain Name. It looks like "" or "".
    Subject Alternative Names (SANs): During enrollment for the SSL certificate, SANs can be entered into the enrollment fields.
  6. Proceed to enrollment.