To generate a CSR, use the Exchange Management Shell. To access the Exchange Management Shell perform the following steps:
Note: The recommended key bit size is 2048-bit. All certificates that will expire after October, 2013 must have a 2048 bit key size.
- Click Start
- Click All Programs
- Click Microsoft Exchange Server 2007
- Click Exchange Management Shell
- From the Exchange Management Shell enter the following command:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=State, L=City, O=Organization, OU=Organizational Unit, CN=www.website.com" -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt
The CSR needs to contain the following attributes:
Country Name (C): Use the two-letter code without punctuation for country, for example: US or CA.
State or Province (S): Spell out the state completely; do not abbreviate the state or province name, for example: California.
Locality or City (L): The Locality field is the city or town name, for example: Berkeley.
Organization (O): If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
Organizational Unit (OU): This field is the name of the department or organization unit making the request.
Common Name (CN): The Common Name is the Host + Domain Name. It looks like "www.company.com" or "company.com".
Subject Alternative Names (SANs): During enrollment for the SSL certificate, SANs can be entered into the enrollment fields.
- Proceed to enrollment.