Ask a Question

Advanced Search

Solution ID : SO22069

Last Modified : 05/02/2018

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2003


This document provides instructions for generating a Certificate Signing Request (CSR) for Microsoft Exchange 2003. If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL certificate will no longer match. You will have to request a replacement SSL certificate.

To Generate a CSR on Microsoft Exchange 2003 follow the instructions below:

  1. Click Start > Programs > Microsoft Exchange > System Manager.
  2. If the Display administrative groups option is turned on, expand Administrative Groups, and then expand the First Administrative Group.
    NOTE: To display administrative groups, right-click Your_Organization, click Properties, click to select the
    Display administrative groups check box, click OK two times, and then restart Exchange System Manager.
  3. Expand Servers, expand the Exchange Server container that you want to configure, and then expand the Protocols container.
  4. Expand each protocol that you want to configure, right-click the Default Protocol_Name virtual server object, and then click Properties.
  5. Click the Access tab, and then click Certificate.
  6. In Web Server Certificate Wizard, click Next, click Create a new certificate, and then click Next.
  7. Click Prepare the request now, but send it later, and then click Next.
  8. Either type an appropriate name for the certificate in the Name box, or leave the default setting of
    Default Protocol_Name Virtual Server.
  9. In the Bit Length list, select 2048, and then click Next.
  10. Fill out the information in the required fields and click on Next.
    • Organization (O): The full legal name of your company.
    • Organizational Unit (OU): This field is the name of the department or division making the request.
    • Common Name (CN): The fully-qualified domain name to which your certificate will be issued.
    • Country Name (C): Enter the two-character abbreviation of country in which organization resides (e.g. US).
    • State or Province (S): Enter the full name of your state or province.
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Locality or City (L): Usually the city of your organization's main office, or a main office for your organization.
  11. In the File name box, do one of the following:
    • Type a name and a path for the location where you want to create the certificate.
    • Leave the default file name in this box.
  12. Click Next.
  13. Review the information that is on the Request File Summary page. If something is not correct, click Back until you reach the page that must be
    corrected, and then click Next until you return to the Request File Summary page, and then click Next.
  14. The final page confirms that a certificate with the specified file name has been created. The default setting is drive name:\certreq.txt.
  15. Click Finish.
  16. Proceed with the Enrolment.

Once the certificate has been issued, follow the steps from this link to install the certificate on your server.


        For more information visit Microsoft Support.