This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2013. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
Note: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
Note: To generate a CSR for Microsoft Exchange 2013 using the Exchange Management Shell perform the steps here.
To generate a CSR for Microsoft Exchange 2013 using IIS perform the following steps:
- Start the IIS by selecting Tools > Internet Information Services (IIS) Manager
- Select Server Certificates
- Select Create Certificate Request on the right side
- Complete in full all the required fields in the new page that will appear, without any abbreviation, except the country code.
- Common Name: The fully-qualified domain name to which your certificate will be issued.
- Organization: The full legal name of your company.
- Organizational Unit: Use this field to differentiate between divisions within an organization.
- City or Locality: Usually the city of your organization's main office, or a main office for your organization.
- State or Province: Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
- Select Next
- Select 2048 from the Bit Length: drop down list.
- Select Next
- Specify the file name and location for the certificate request file
- Select Finish
- Copy the saved CSR when requesting a certificate including the:
-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----
- Verify your CSR
- Once the CSR has been created, proceed to Enrollment.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO22090