Ask a Question

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2013

Solution

This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2013. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.

Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

 Note: To generate a CSR for Microsoft Exchange 2013 using the Exchange Management Shell perform the steps here.

To generate a CSR for Microsoft Exchange 2013 using IIS perform the following steps:

  1. Start the IIS by selecting Tools >  Internet Information Services (IIS) Manager


     
  2.  Select Server Certificates

  3. Select Create Certificate Request on the right side


     
  4. Complete in full all the required fields in the new page that will appear, without any abbreviation, except the country code.


     
  • Common Name: The fully-qualified domain name to which your certificate will be issued.
  • Organization: The full legal name of your company.
  • Organizational Unit: Use this field to differentiate between divisions within an organization.
  • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
  • State or Province: Enter the full name of your state or province. 
    Note: Make sure the State or Province is not abbreviated (e.g. California).
  • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
  1. Select Next
  2. Select 2048 from the Bit Length: drop down list.


     
  3. Select Next
  4. Specify the file name and location for the certificate request file


     
  5. Select Finish


     
  6. Copy the saved CSR when requesting a certificate including the:


-----BEGIN NEW CERTIFICATE REQUEST-----
and
-----END NEW CERTIFICATE REQUEST-----

  1. Verify your CSR
  2. Once the CSR has been created, proceed to Enrollment.


Once the certificate has been issued, follow the steps from this link to install the certificate on your server:  SO22090