This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2010. If you are unable to use these instructions for your server, DigiCert recommends that you contact Microsoft.
To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate a CSR for Microsoft Exchange 2010, use the Exchange Certificate Wizard and perform the following steps:
- Open the Exchange Management Console by going to:
Start > Programs > Microsoft Exchange 2010 > Exchange Management Console.
- Select Manage Databases.
- Select Server Configuration from the left menu, and then New Exchange Certificate from the actions menu on the right.
- When prompted for a friendly name, enter a name by which you can easily remember and identify this certificate. This name is used for identification only and does not form part of the CSR.
- Under Domain Scope, leave the option to Enable wild card certificate unchecked and click Next.
NOTE: If you are requesting a Wildcard Certificate, select this option, click Next, and proceed to Step 8.
- In the Exchange Configuration menu, select the services that will be secured, and enter the URLs used to connect to those services.
- Click Next.
- In the Certificate Domains section, Exchange 2010 will provide a list of domains to include in your certificate request.
NOTE: Symantec enrollment pages will only recognize the URL that you set as common name. It is recommended that you delete / remove the other URLs in this list. You will need to manually enter these URLs as Subject Alternative Names (SANs) when enrolling for the certificate (at Step 16).
- Click Next.
- In the Organization and Location section, please provide the following information:
- Organization: If your company or department has an &, @, or any other symbol using the shift key in its name, you must spell out the symbol or omit it to enroll, for example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
- Organizational unit: This field is the name of the department or organization unit making the request.
- Country/region: Use the two-letter code without punctuation for country, for example: US or CA.
- City/locality: The Locality field is the city or town name, for example: Berkeley.
- State/province: Spell out the state completely; do not abbreviate the state or province name, for example: California.
- Click Next.
- Click Browse to save the CSR to your computer as a .req file, then click Save.
- Click Next > New > Finish.
- You will now be able to open the CSR with notepad. Copy everything from the first - of the BEGIN line right through to the last - of the END line into the online order form.
- Verify your CSR.
- Proceed to Enrollment.
To enroll for Certificate Using Subject Alternative Names, follow the steps from this solution.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server.