This document provides instructions for generating a Certificate Signing Request (CSR) for Exchange 2007. If you are unable to use these instructions for your server, RapidSSL recommends that you contact Microsoft.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
NOTE: All certificates that will expire after October 2013 must have a 2048 bit key size.
To generate a CSR, use the Exchange Management Shell and perform the following steps:
1. Click Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell
2. The CSR needs to contain the following attributes:
3. Here is an example of the proper command syntax:
NOTE: For all certificates the key bit length must be 2048 (-keysize 2048)
For further reference please check the Microsoft Knowledge Base here
NOTE: Requirements for Subject Alternative Name certificates:
The Certificate Signing Request (CSR) file should contain the common name only.
4. Proceed with Enrolment and paste the file you created from the above steps into the
enrollment form when requested for the CSR.
Once the certificate has been issued, refer to this link for installation instructions: SO14293