In this tutorial, we will show you how to generate a CSR in Microsoft Exchange. Below you will find tutorials for each MXS version.
After your CA validates the CSR and issues the SSL certificate, you can proceed to the Exchange SSL installation instructions.
Table of Contents
- How to generate a CSR Code in Microsoft Exchange 2013 & 2016?
- How to generate a CSR code in Microsoft Exchange 2010?
- How to Generate a CSR code in Microsoft Exchange 2007?
- How to Generate a CSR code in Microsoft Exchange 2003?
How to generate a CSR Code in Microsoft Exchange 2013 & 2016?
We’ll be using Exchange Admin Center (EAC) to create your CSR.
- Open your browser and type the URL of your server (e.g. https://localhost/ecp) to access the Exchange Admin Center
- On the EAC page select Servers from the left menu, then click on Certificates at the top right
- Click the + symbol to start the new Exchange certificate wizard
- In the new window, select Create a request for a certificate from a certification authority and then click Next
- Now, enter a Friendly name for your certificate. You may choose any name you want; however, we recommend entering your domain name in order to not get confused
- If you want to secure your mail server with a Wildcard certificate, check the box and enter the base domain name with an asterisk in front of the domain (e.g. *.ssldragon.com). For regular certificates, leave the box unchecked. Click Next
- In the next window, click Browse, then select the Server where you want to store the certificate request. Click Next
- Skip this step if you’re generating a CSR code for a Wildcard Certificate; otherwise, continue. From the list, select the services that you would like to associate with your SSL Certificate. Use “Ctrl+Left Click” to highlight the services. When you’re done, click Next.
- If you have a multi-domain SSL certificate, a list of domains and subdomains which you can include will appear in the next window. Use the + to add any additional names, or the – button to remove the unwanted ones. Make sure you don’t remove the server’s name, as it is also present in the list. Double-check your names and click Next
- Specify information about your organization. Follow the examples below:
- Organization name – the officially registered name of your organization
- Department name – the department that manages your SSL Certificates. Usually, it is IT
- Country/Region name – the country where your organization is legally located
- City/Locality – the city/locality where your company is legally located
- State/Province – the state/province where your business is legally located
- In the next window, under the *Save the certificate request to the following file, enter the path where you want to save the certificate request file (.req file), then click Finish
- Open your newly generated CSR code with a text editor such as Notepad. Copy the content of that file and paste it into the SSL Dragon order form. Make sure you include the —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– tags
- Wait for your SSL Certificate to arrive in your email inbox, then continue with the installation.
How to generate a CSR code in Microsoft Exchange 2010?
Microsoft Exchange Server 2010 introduced a large list of improvements and new features such as a database, client access server, personal archive, reduced hardware requirement, and many more. The CSR creation process also changed from the previous versions. Please, follow the steps below to successfully generate your CSR code for MXS 2010.
- Launch the Exchange Management Console via Start > Programs > Microsoft Exchange 2010.
- In the Organizational Health tab click Manage databases under the Organization Summary
- On the left Exchange menu, select Server Configuration, then choose New Exchange Certificate from the right pane
- The New Exchange Certificate wizard will open. In the Introduction menu, enter a friendly name for the certificate and click Next
- In the Domain Scope section click Next.
Note: If you want to add a Wildcard certificate, check the Enable Wildcard Certificate box, enter the root domain name together with an asterisk, (e.g. *.ssldragon.com) and then click Next
- Under Exchange Configuration, select the services you want to secure and click Next
- On the Certificate Domains page, add the common name (the fully qualified domain name associated with the SSL Certificate). Click Set as common name, then Next
- In the Organization and Location section fill in the fields with up-to-date info about your company. Make sure you enter the official name, and the location where the organization is legally registered
- On the same Organization and Location section click Browse and select a save location for your CSR file. Specify a name for the .req file and click Save
- Now, in the New Exchange Certificate wizard click Next, then New, and finally Finish
- Next, you need to open the CSR file and copy-paste the whole content including —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—– in a text editor file such as Notepad
- Use the CSR in the order process with SSL Dragon
- Wait for CA to approve your SSL request, and once you receive the certificate, proceed with the installation.
How to Generate a CSR code in Microsoft Exchange 2007?
- Click Start, go to All Programs > Microsoft Management Server 2007, and select Exchange Management Shell
- Copy-paste the following command into a plain-text editor such as Windows Notepad:
New-ExchangeCertificate -GenerateRequest -SubjectName "C=US, L=City, S=State, O=Company Name, OU=Organizational Unit, CN=www.website.com" -privatekeyexportable:$true -keysize 2048 -Path c:\certificate_request.txt
- Update the following parameters as shown below:
- C –Two-letter country code of your organization’s location (e.g. US)
- L – Full name of the city or locality of your organization (e.g. San Jose)
- S – Full name of your organization’s state, region, or province (e.g. California)
- O – The legally registered name of your organization (e.g. GPI Holding, LLC)
- OU – The organization unit responsible for SSL management (e.g. IT)
- CN – The fully qualified domain name you want to secure (e.g. ssldragon.com)
Note: If you want to secure your site with a Wildcard SSL certificate, add an asterisk in front of the domain name (e.g. *.ssldragon.com).
- –privatekeyexportable – set this parameter to $true to enable the export of the certificate
- -keysize – set this parameter to 2048 (the industry standard bit-length)
- -Path – indicate the path and filename of the generated certificate (e.g. c:\csr\certrequest.txt). In this example your certificate will be created in the “csr” folder on your C: Drive
- Double-check the command you’ve just edited and copy-paste it into Exchange
- If the CSR generation is successful, your thumbprint will become available. Now, you need to copy and paste the whole content in a text file including —–BEGIN NEW CERTIFICATE REQUEST—– and —–END NEW CERTIFICATE REQUEST—–
- Submit your newly generated CSR during the order process with SSL Dragon.
- Wait for CA to validate your request, and issue the SSL Certificate. Once it arrives in your email inbox, prepare to install the SSL Certificate.
How to Generate a CSR code in Microsoft Exchange 2003?
For certificate management, Microsoft Exchange 2003 works in tandem with the Microsoft IIS console. Please consult our in-depth guide on how to generate a CSR code in Microsoft IIS 5 & 6 and then return to this guide.