This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2007.
If you are unable to use these instructions for your server, Symantec recommends that you contact Microsoft
To generate a CSR, use the Exchange Management Shell and perform the following steps:
- Click Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell
- The CSR needs to contain the following attributes:
- Common Name: The fully-qualified domain name to which your certificate will be issued.
- Organization: The full legal name of your company.
- Organizational Unit: Use this field to differentiate between divisions within an organization.
- City or Locality: Usually the city of your organization's main office, or a main office for your organization.
- State or Province: Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
Here is an example of the proper command syntax:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, S=California, L=Mountain View, O=Symatec Corporation, OU=IT, CN=www.symantec.com" -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt
NOTE: For all certificates the key bit length must be 2048 (-keysize 2048) For further reference please check the
Microsoft Knowledge Base here.
Requirements for Subject Alternative Name certificates:
- Verify your CSR with the Symantec CryptoReport
- Proceed with Enrollment where you will be requested to paste in the CSR text.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server.