Ask a Question

Advanced Search

Solution ID : SO22071

Last Modified : 05/31/2019

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Microsoft Exchange 2007



This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2007.
If you are unable to use these instructions for your server, DigiCert recommends that you contact Microsoft

To generate a CSR,  use the Exchange Management Shell and perform the following steps:

  1. Click Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell
  2. The CSR needs to contain the following attributes:
  • Common Name: The fully-qualified domain name to which your certificate will be issued.
  • Organization: The full legal name of your company.
  • Organizational Unit: Use this field to differentiate between divisions within an organization.
  • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
  • State or Province: Enter the full name of your state or province. 
    Note: Make sure the State or Province is not abbreviated (e.g. California).
  • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).

    Here is an example of the proper command syntax:

New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=California, L=Mountain View, O=Some Organization, OU=IT," -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt

NOTE: For all certificates the key bit length must be 2048 (-keysize 2048) For further reference please check the
Microsoft Knowledge Base here.

Requirements for Subject Alternative Name certificates:

  1. Verify your CSR
  2. Proceed with Enrollment where you will be requested to paste in the CSR text.

Once the certificate has been issued, follow the steps from this link to install the certificate on your server.